diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000..3c4605c943bdb --- /dev/null +++ b/.gitattributes @@ -0,0 +1,13 @@ +**/*.pb.go linguist-generated=true +**/mocks/*.go linguist-generated=true +assets/swagger.json linguist-generated=true +docs/operator-manual/resource_actions_builtin.md linguist-generated=true +docs/operator-manual/server-commands/argocd-*.md linguist-generated=true +docs/user-guide/commands/argocd_*.md linguist-generated=true +manifests/core-install.yaml linguist-generated=true +manifests/crds/*-crd.yaml linguist-generated=true +manifests/ha/install.yaml linguist-generated=true +manifests/ha/namespace-install.yaml linguist-generated=true +manifests/install.yaml linguist-generated=true +manifests/namespace-install.yaml linguist-generated=true +pkg/apis/api-rules/violation_exceptions.list linguist-generated=true diff --git a/.github/ISSUE_TEMPLATE/new_dev_tool.md b/.github/ISSUE_TEMPLATE/new_dev_tool.md new file mode 100644 index 0000000000000..6100922376b9d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new_dev_tool.md @@ -0,0 +1,43 @@ +--- +name: New Dev Tool Request +about: This is a request for adding a new tool for setting up a dev environment. +title: '' +labels: '' +assignees: '' +--- + +Checklist: + +* [ ] I am willing to maintain this tool, or have another Argo CD maintainer who is. +* [ ] I have another Argo CD maintainer who is willing to help maintain this tool (there needs to be at least two maintainers willing to maintain this tool) +* [ ] I have a lead sponsor who is a core Argo CD maintainer +* [ ] There is a PR which adds said tool - this is so that the maintainers can assess the impact of having this in the tree +* [ ] I have given a motivation why this should be added + +### The proposer + +<-- The username(s) of the person(s) proposing the tool --> + +### The proposed tool + + + +### Motivation + + + +### Link to PR (Optional) + + + +### Lead Sponsor(s) + +Final approval requires sponsorship from at least one core maintainer. + +- @ + +### Co-sponsors + +These will be the co-maintainers of the specified tool. + +- @ diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e10453f61b17b..6205c1098d1f9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,8 +4,13 @@ updates: directory: "/" schedule: interval: "daily" + open-pull-requests-limit: 20 ignore: - dependency-name: k8s.io/* + groups: + otel: + patterns: + - "^go.opentelemetry.io/.*" - package-ecosystem: "github-actions" directory: "/" diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index f5fce917c1774..dc80e9cefe929 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -31,7 +31,7 @@ jobs: docs: ${{ steps.filter.outputs.docs_any_changed }} steps: - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - - uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78 # v44.5.2 + - uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45.0.1 id: filter with: # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file @@ -56,7 +56,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOLANG_VERSION }} - name: Download all Go modules @@ -77,7 +77,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache @@ -101,11 +101,11 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 + uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 with: version: v1.58.2 args: --verbose @@ -128,7 +128,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -165,7 +165,7 @@ jobs: - name: Run all unit tests run: make test-local - name: Generate test results artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: test-results path: test-results @@ -188,7 +188,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -225,7 +225,7 @@ jobs: - name: Run all unit tests run: make test-race-local - name: Generate test results artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: race-results path: test-results/ @@ -240,7 +240,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOLANG_VERSION }} - name: Create symlink in GOPATH @@ -288,7 +288,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup NodeJS - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 with: node-version: '21.6.1' - name: Restore node dependency cache @@ -308,6 +308,8 @@ jobs: NODE_ENV: production NODE_ONLINE_ENV: online HOST_ARCH: amd64 + # If we're on the master branch, set the codecov token so that we upload bundle analysis + CODECOV_TOKEN: ${{ github.ref == 'refs/heads/master' && secrets.CODECOV_TOKEN || '' }} working-directory: ui/ - name: Run ESLint run: yarn lint @@ -338,7 +340,7 @@ jobs: run: | rm -rf ui/node_modules/argo-ui/node_modules - name: Get unit test code coverage - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: test-results path: test-results diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7dcc9f6e24bca..fb8de2bb20cda 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,7 +33,7 @@ jobs: # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version-file: go.mod diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 5848f65be088b..f4b7a851816a8 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -69,15 +69,15 @@ jobs: if: ${{ github.ref_type != 'tag'}} - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ inputs.go-version }} - name: Install cosign - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 - - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Setup tags for container image as a CSV type run: | @@ -104,7 +104,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Login to Quay.io - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: quay.io username: ${{ secrets.quay_username }} @@ -112,7 +112,7 @@ jobs: if: ${{ inputs.quay_image_name && inputs.push }} - name: Login to GitHub Container Registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ secrets.ghcr_username }} @@ -120,7 +120,7 @@ jobs: if: ${{ inputs.ghcr_image_name && inputs.push }} - name: Login to dockerhub Container Registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.docker_username }} password: ${{ secrets.docker_password }} @@ -143,7 +143,7 @@ jobs: - name: Build and push container image id: image - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 #v5.4.0 + uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 #v6.7.0 with: context: . platforms: ${{ inputs.platforms }} diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index b7c4c26eaff8e..cb628e156d0c9 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -6,7 +6,7 @@ on: - "release-*" # Codefresh change instead of `master` env: - GOLANG_VERSION: "1.21" + GOLANG_VERSION: "1.22" jobs: publish: @@ -59,3 +59,4 @@ jobs: git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ steps.image.outputs.tag }}' && git push) if: github.event_name == 'push' working-directory: argoproj-deployments/argocd + diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index 70de72d391dba..1c95715b913f4 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -64,7 +64,7 @@ jobs: git stash pop - name: Create pull request - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 + uses: peter-evans/create-pull-request@d121e62763d8cc35b5fb1710e887d6e69a52d3a4 # v7.0.2 with: commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e3b3851b923fe..a712b0209688e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -156,7 +156,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOLANG_VERSION }} @@ -286,7 +286,7 @@ jobs: git push origin ${RELEASE_TAG} - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOLANG_VERSION }} diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 28621c86666c5..6975868f4a78a 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index 87afd912bcef0..ec47f2553d19d 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -1,4 +1,4 @@ -FROM gitpod/workspace-full@sha256:8dd34e72ae5b9e6f60d267dd6287befc2cf5ad1a11c64e9d93daa60c952a2154 +FROM gitpod/workspace-full@sha256:230285e0b949e6d728d384b2029a4111db7b9c87c182f22f32a0be9e36b225df USER root diff --git a/.golangci.yaml b/.golangci.yaml index 7d6b684a83683..f716b3d03e3b2 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,9 +1,12 @@ issues: exclude: - - SA1019 - SA5011 max-issues-per-linter: 0 max-same-issues: 0 + exclude-rules: + - path: '(.+)_test\.go' + linters: + - unparam linters: enable: - errcheck @@ -17,8 +20,9 @@ linters: - misspell - staticcheck - testifylint + - unparam - unused - - whitespace + - whitespace linters-settings: gocritic: disabled-checks: @@ -36,8 +40,6 @@ linters-settings: testifylint: enable-all: true disable: - - error-is-as - - float-compare - go-require run: timeout: 50m diff --git a/.mockery.yaml b/.mockery.yaml new file mode 100644 index 0000000000000..3a8b437ef347d --- /dev/null +++ b/.mockery.yaml @@ -0,0 +1,69 @@ +# global config +filename: "{{.InterfaceName}}.go" +dir: "{{.InterfaceDir}}/mocks" +outpkg: "mocks" +mockname: "{{.InterfaceName}}" +with-expecter: false +# individual interface config +packages: + github.com/argoproj/argo-cd/v2/applicationset/generators: + interfaces: + Generator: + github.com/argoproj/argo-cd/v2/applicationset/services: + interfaces: + Repos: + github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider: + config: + dir: "applicationset/services/scm_provider/aws_codecommit/mocks" + interfaces: + AWSCodeCommitClient: + AWSTaggingClient: + github.com/microsoft/azure-devops-go-api/azuredevops/git: + config: + dir: "applicationset/services/scm_provider/azure_devops/git/mocks" + interfaces: + Client: + github.com/argoproj/argo-cd/v2/applicationset/utils: + interfaces: + Renderer: + github.com/argoproj/argo-cd/v2/controller/cache: + interfaces: + LiveStateCache: + github.com/argoproj/argo-cd/v2/reposerver/apiclient: + interfaces: + RepoServerServiceClient: + RepoServerService_GenerateManifestWithFilesClient: + github.com/argoproj/argo-cd/v2/server/application: + interfaces: + Broadcaster: + github.com/argoproj/argo-cd/v2/server/extension: + interfaces: + ApplicationGetter: + ExtensionMetricsRegistry: + ProjectGetter: + RbacEnforcer: + SettingsGetter: + UserGetter: + github.com/argoproj/argo-cd/v2/util/db: + interfaces: + ArgoDB: + github.com/argoproj/argo-cd/v2/util/git: + interfaces: + Client: + github.com/argoproj/argo-cd/v2/util/helm: + interfaces: + Client: + github.com/argoproj/argo-cd/v2/util/io: + interfaces: + TempPaths: + github.com/argoproj/argo-cd/v2/util/notification/argocd: + interfaces: + Service: + # These mocks are not currently used, but they are part of the public API of this package. + github.com/argoproj/argo-cd/v2/pkg/apiclient/session: + interfaces: + SessionServiceServer: + SessionServiceClient: + github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster: + interfaces: + ClusterServiceServer: diff --git a/Dockerfile b/Dockerfile index 5cbb77216d0a7..0621c821e9796 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.22.4@sha256:c2010b9c2342431a24a2e64e33d9eb2e484af49e72c820e200d332d214d5e61f AS builder +FROM docker.io/library/golang:1.23.1@sha256:2fe82a3f3e006b4f2a316c6a21f62b66e1330ae211d039bb8d1128e12ed57bf1 AS builder RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -83,7 +83,7 @@ WORKDIR /home/argocd #################################################################################################### # Argo CD UI stage #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/node:22.3.0@sha256:5e4044ff6001d06e7748e35bfa4f80c73cf5f5a7360a1b782995e038a01b0585 AS argocd-ui +FROM --platform=$BUILDPLATFORM docker.io/library/node:22.8.0@sha256:bd00c03095f7586432805dbf7989be10361d27987f93de904b1fc003949a4794 AS argocd-ui WORKDIR /src COPY ["ui/package.json", "ui/yarn.lock", "./"] @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.4@sha256:c2010b9c2342431a24a2e64e33d9eb2e484af49e72c820e200d332d214d5e61f AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.23.1@sha256:2fe82a3f3e006b4f2a316c6a21f62b66e1330ae211d039bb8d1128e12ed57bf1 AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/Makefile b/Makefile index 6a6f6eff5fda5..bfb1674f6bc1e 100644 --- a/Makefile +++ b/Makefile @@ -193,6 +193,10 @@ endif .PHONY: all all: cli image +.PHONY: mockgen +mockgen: + ./hack/generate-mock.sh + .PHONY: gogen gogen: export GO111MODULE=off @@ -230,13 +234,16 @@ clientgen: clidocsgen: go run tools/cmd-docs/main.go +.PHONY: actionsdocsgen +actionsdocsgen: + hack/generate-actions-list.sh .PHONY: codegen-local -codegen-local: mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local +codegen-local: mod-vendor-local mockgen gogen protogen clientgen openapigen clidocsgen actionsdocsgen manifests-local notification-docs notification-catalog rm -rf vendor/ .PHONY: codegen-local-fast -codegen-local-fast: gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog +codegen-local-fast: mockgen gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog .PHONY: codegen codegen: test-tools-image @@ -248,7 +255,7 @@ cli: test-tools-image .PHONY: cli-local cli-local: clean-debug - CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build $(COVERAGE_FLAG) -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd + CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -gcflags="all=-N -l" $(COVERAGE_FLAG) -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd .PHONY: gen-resources-cli-local gen-resources-cli-local: clean-debug @@ -550,7 +557,7 @@ build-docs-local: .PHONY: build-docs build-docs: - $(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install -r docs/requirements.txt; mkdocs build' + $(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install mkdocs; pip install $$(mkdocs get-deps); mkdocs build' .PHONY: serve-docs-local serve-docs-local: @@ -558,7 +565,7 @@ serve-docs-local: .PHONY: serve-docs serve-docs: - $(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install -r docs/requirements.txt; mkdocs serve -a $$(ip route get 1 | awk '\''{print $$7}'\''):8000' + $(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install mkdocs; pip install $$(mkdocs get-deps); mkdocs serve -a $$(ip route get 1 | awk '\''{print $$7}'\''):8000' # Verify that kubectl can connect to your K8s cluster from Docker .PHONY: verify-kube-connect diff --git a/Merge-upstream.md b/Merge-upstream.md index 2f98d9fbd1f7a..3d89342abe566 100644 --- a/Merge-upstream.md +++ b/Merge-upstream.md @@ -21,7 +21,7 @@ This docs include info about places where codefresh made it's customizations: 12. `docs` - apply theirs 13. `examples` - apply theirs 14. `hack` - apply theirs -15. `manifests` - merge (it might include codefresh image repositories). Includes v2 event-reporter manifests (often by replacing notifications) +15. `manifests` - accept theirs 16. `notification_controller` - apply theirs 17. `pkg/apis/application/v1alpha` - generatedXXX - apply theirs (than re-generate). types.go - merge (includes our changes with ForceNamespace). 18. `server / application.go` - merge (includes our v1 event-reporter.) diff --git a/OWNERS b/OWNERS index 56e037e282a0a..ca6588fd3d6c8 100644 --- a/OWNERS +++ b/OWNERS @@ -1,5 +1,6 @@ owners: - alexmt +- crenshaw-dev - jessesuen approvers: diff --git a/README.md b/README.md index 707848191c830..397c51161e0b4 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ [![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22) [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://scorecard.dev/viewer/?uri=github.com/argoproj/argo-cd) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd?ref=badge_shield) **Social:** diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml index 8ac4bc36b04ae..42db7962eb995 100644 --- a/SECURITY-INSIGHTS.yml +++ b/SECURITY-INSIGHTS.yml @@ -3,9 +3,9 @@ header: expiration-date: '2024-10-31T00:00:00.000Z' # One year from initial release. last-updated: '2023-10-27' last-reviewed: '2023-10-27' - commit-hash: b71277c6beb949d0199d647a582bc25822b88838 + commit-hash: fe606708859574b9b6102a505e260fac5d3fb14e project-url: https://github.com/argoproj/argo-cd - project-release: v2.9.0-rc3 + project-release: v2.13.0 changelog: https://github.com/argoproj/argo-cd/releases license: https://github.com/argoproj/argo-cd/blob/master/LICENSE project-lifecycle: diff --git a/SOURCE_VERSION b/SOURCE_VERSION index 5a5ee51a13fd1..ce4f690d3c607 100644 --- a/SOURCE_VERSION +++ b/SOURCE_VERSION @@ -1 +1 @@ -2.12.3 \ No newline at end of file +2.13.3 \ No newline at end of file diff --git a/USERS.md b/USERS.md index 609129ee498dd..2b4bbf619739c 100644 --- a/USERS.md +++ b/USERS.md @@ -11,6 +11,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [7shifts](https://www.7shifts.com/) 1. [Adevinta](https://www.adevinta.com/) 1. [Adfinis](https://adfinis.com) +1. [Adobe](https://www.adobe.com/) 1. [Adventure](https://jp.adventurekk.com/) 1. [Adyen](https://www.adyen.com) 1. [AirQo](https://airqo.net/) @@ -29,6 +30,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Arctiq Inc.](https://www.arctiq.ca) 2. [Arturia](https://www.arturia.com) 1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/) +1. [Augury](https://www.augury.com/) 1. [Autodesk](https://www.autodesk.com) 1. [Axians ACSP](https://www.axians.fr) 1. [Axual B.V.](https://axual.com) @@ -39,13 +41,16 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Beez Innovation Labs](https://www.beezlabs.com/) 1. [Bedag Informatik AG](https://www.bedag.ch/) 1. [Beleza Na Web](https://www.belezanaweb.com.br/) +1. [Believable Bots](https://believablebots.io) 1. [BigPanda](https://bigpanda.io) 1. [BioBox Analytics](https://biobox.io) 1. [BMW Group](https://www.bmwgroup.com/) 1. [Boozt](https://www.booztgroup.com/) +1. [Bosch](https://www.bosch.com/) 1. [Boticario](https://www.boticario.com.br/) 1. [Broker Consulting, a.s.](https://www.bcas.cz/en/) 1. [Bulder Bank](https://bulderbank.no) +1. [Cabify](https://cabify.com/en) 1. [CAM](https://cam-inc.co.jp) 1. [Camptocamp](https://camptocamp.com) 1. [Candis](https://www.candis.io) @@ -62,12 +67,14 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Cisco ET&I](https://eti.cisco.com/) 1. [Cloud Posse](https://www.cloudposse.com/) 1. [Cloud Scale](https://cloudscaleinc.com/) +1. [CloudScript](https://www.cloudscript.com.br/) 1. [CloudGeometry](https://www.cloudgeometry.io/) 1. [Cloudmate](https://cloudmt.co.kr/) 1. [Cloudogu](https://cloudogu.com/) 1. [Cobalt](https://www.cobalt.io/) 1. [Codefresh](https://www.codefresh.io/) 1. [Codility](https://www.codility.com/) +1. [Cognizant](https://www.cognizant.com/) 1. [Commonbond](https://commonbond.co/) 1. [Contlo](https://contlo.com/) 1. [Coralogix](https://coralogix.com/) @@ -109,9 +116,11 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Freshop, Inc](https://www.freshop.com/) 1. [Future PLC](https://www.futureplc.com/) 1. [G DATA CyberDefense AG](https://www.gdata-software.com/) +1. [G-Research](https://www.gresearch.com/teams/open-source-software/) 1. [Garner](https://www.garnercorp.com) 1. [Generali Deutschland AG](https://www.generali.de/) 1. [Gepardec](https://gepardec.com/) +1. [Getir](https://getir.com) 1. [GetYourGuide](https://www.getyourguide.com/) 1. [Gitpod](https://www.gitpod.io) 1. [Gllue](https://gllue.com) @@ -128,6 +137,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Groww](https://groww.in) 1. [Grupo MasMovil](https://grupomasmovil.com/en/) 1. [Handelsbanken](https://www.handelsbanken.se) +1. [Hazelcast](https://hazelcast.com/) 1. [Healy](https://www.healyworld.net) 1. [Helio](https://helio.exchange) 1. [Hetki](https://hetki.ai) @@ -146,6 +156,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Index Exchange](https://www.indexexchange.com/) 1. [Info Support](https://www.infosupport.com/) 1. [InsideBoard](https://www.insideboard.com) +1. [Instruqt](https://www.instruqt.com) 1. [Intuit](https://www.intuit.com/) 1. [Jellysmack](https://www.jellysmack.com) 1. [Joblift](https://joblift.com/) @@ -155,6 +166,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Karrot](https://www.daangn.com/) 1. [KarrotPay](https://www.daangnpay.com/) 1. [Kasa](https://kasa.co.kr/) +1. [Kave Home](https://kavehome.com) 1. [Keeeb](https://www.keeeb.com/) 1. [KelkooGroup](https://www.kelkoogroup.com) 1. [Keptn](https://keptn.sh) @@ -167,6 +179,8 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Kurly](https://www.kurly.com/) 1. [Kvist](https://kvistsolutions.com) 1. [Kyriba](https://www.kyriba.com/) +1. [LeFigaro](https://www.lefigaro.fr/) +1. [Lely](https://www.lely.com/) 1. [LexisNexis](https://www.lexisnexis.com/) 1. [Lian Chu Securities](https://lczq.com) 1. [Liatrio](https://www.liatrio.com) @@ -196,12 +210,16 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Moengage](https://www.moengage.com/) 1. [Money Forward](https://corp.moneyforward.com/en/) 1. [MOO Print](https://www.moo.com/) +1. [Mozilla](https://www.mozilla.org) 1. [MTN Group](https://www.mtn.com/) +1. [Municipality of The Hague](https://www.denhaag.nl/) +1. [My Job Glasses](https://myjobglasses.com) 1. [Natura &Co](https://naturaeco.com/) 1. [Nethopper](https://nethopper.io) 1. [New Relic](https://newrelic.com/) 1. [Nextbasket](https://nextbasket.com) 1. [Nextdoor](https://nextdoor.com/) +1. [Next Fit Sistemas](https://nextfit.com.br/) 1. [Nikkei](https://www.nikkei.co.jp/nikkeiinfo/en/) 1. [Nitro](https://gonitro.com) 1. [NYCU, CS IT Center](https://it.cs.nycu.edu.tw) @@ -213,6 +231,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [omegaUp](https://omegaUp.com) 1. [Omni](https://omni.se/) 1. [Oncourse Home Solutions](https://oncoursehome.com/) +1. [Open Analytics](https://openanalytics.eu) 1. [openEuler](https://openeuler.org) 1. [openGauss](https://opengauss.org/) 1. [OpenGov](https://opengov.com) @@ -245,6 +264,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [PostFinance](https://github.com/postfinance) 1. [Preferred Networks](https://preferred.jp/en/) 1. [Previder BV](https://previder.nl) +1. [Priceline](https://priceline.com) 1. [Procore](https://www.procore.com) 1. [Productboard](https://www.productboard.com/) 1. [Prudential](https://prudential.com.sg) @@ -260,6 +280,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Redpill Linpro](https://www.redpill-linpro.com/) 1. [Reenigne Cloud](https://reenigne.ca) 1. [reev.com](https://www.reev.com/) +1. [Relex Solutions](https://www.relexsolutions.com/) 1. [RightRev](https://rightrev.com/) 1. [Rijkswaterstaat](https://www.rijkswaterstaat.nl/en) 1. [Rise](https://www.risecard.eu/) @@ -276,10 +297,13 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Schwarz IT](https://jobs.schwarz/it-mission) 1. [SCRM Lidl International Hub](https://scrm.lidl) 1. [SEEK](https://seek.com.au) +1. [SEKAI](https://www.sekai.io/) 1. [Semgrep](https://semgrep.com) 1. [Shield](https://shield.com) 1. [SI Analytics](https://si-analytics.ai) +1. [Sidewalk Entertainment](https://sidewalkplay.com/) 1. [Skit](https://skit.ai/) +1. [Skribble](https://skribble.com) 1. [Skyscanner](https://www.skyscanner.net/) 1. [Smart Pension](https://www.smartpension.co.uk/) 1. [Smilee.io](https://smilee.io) diff --git a/VERSION b/VERSION index b86bfb3bb36ae..70ddfc7f38e66 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.12.3-2024.12.17-4d75d35f4 \ No newline at end of file +2.13.3-2024.12.17-4d75d35f4 \ No newline at end of file diff --git a/acr_controller/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go b/acr_controller/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go new file mode 100644 index 0000000000000..0595bc425a8fc --- /dev/null +++ b/acr_controller/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go @@ -0,0 +1,180 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + codecommit "github.com/aws/aws-sdk-go/service/codecommit" + + mock "github.com/stretchr/testify/mock" + + request "github.com/aws/aws-sdk-go/aws/request" +) + +// AWSCodeCommitClient is an autogenerated mock type for the AWSCodeCommitClient type +type AWSCodeCommitClient struct { + mock.Mock +} + +// GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetFolderWithContext") + } + + var r0 *codecommit.GetFolderOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) *codecommit.GetFolderOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetFolderOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithContext") + } + + var r0 *codecommit.GetRepositoryOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) *codecommit.GetRepositoryOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetRepositoryOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListBranchesWithContext") + } + + var r0 *codecommit.ListBranchesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) *codecommit.ListBranchesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListBranchesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListRepositoriesWithContext") + } + + var r0 *codecommit.ListRepositoriesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) *codecommit.ListRepositoriesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListRepositoriesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSCodeCommitClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSCodeCommitClient { + mock := &AWSCodeCommitClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/acr_controller/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go b/acr_controller/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go new file mode 100644 index 0000000000000..a029d785cc2fb --- /dev/null +++ b/acr_controller/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go @@ -0,0 +1,68 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + request "github.com/aws/aws-sdk-go/aws/request" + mock "github.com/stretchr/testify/mock" + + resourcegroupstaggingapi "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" +) + +// AWSTaggingClient is an autogenerated mock type for the AWSTaggingClient type +type AWSTaggingClient struct { + mock.Mock +} + +// GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetResourcesWithContext") + } + + var r0 *resourcegroupstaggingapi.GetResourcesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) *resourcegroupstaggingapi.GetResourcesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*resourcegroupstaggingapi.GetResourcesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSTaggingClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSTaggingClient { + mock := &AWSTaggingClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/acr_controller/application/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go b/acr_controller/application/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go new file mode 100644 index 0000000000000..c3cf024d882fe --- /dev/null +++ b/acr_controller/application/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go @@ -0,0 +1,3335 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + core "github.com/microsoft/azure-devops-go-api/azuredevops/core" + git "github.com/microsoft/azure-devops-go-api/azuredevops/git" + + io "io" + + mock "github.com/stretchr/testify/mock" + + webapi "github.com/microsoft/azure-devops-go-api/azuredevops/webapi" +) + +// Client is an autogenerated mock type for the Client type +type Client struct { + mock.Mock +} + +// CreateAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachmentArgs) (*git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAttachment") + } + + var r0 *git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) (*git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) *git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAttachmentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCommitStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitStatusArgs) (*git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCommitStatus") + } + + var r0 *git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) (*git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) *git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommitStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// CreateMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePush provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeleteAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachmentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteAttachment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteAttachmentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteComment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteCommentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git.DeletePullRequestIterationStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestIterationStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestIterationStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePullRequestLabelsArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestLabels") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestLabelsArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeletePullRequestReviewerArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestReviewer") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestReviewerArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePullRequestStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavoriteArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRefFavorite") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRefFavoriteArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepositoryArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepository") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.DeleteRepositoryFromRecycleBinArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepositoryFromRecycleBin") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryFromRecycleBinArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// GetAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmentContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs) (*[]git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachments") + } + + var r0 *[]git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) (*[]git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) *[]git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlob provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlobRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlob") + } + + var r0 *git.GitBlobRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) (*git.GitBlobRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) *git.GitBlobRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBlobRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobsZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobsZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobsZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranch") + } + + var r0 *git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) (*git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) *git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranches provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[]git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranches") + } + + var r0 *[]git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) (*[]git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) *[]git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git.GitCommitChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetChanges") + } + + var r0 *git.GitCommitChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) (*git.GitCommitChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) *git.GitCommitChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPickForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPickForRefName") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[]git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComments") + } + + var r0 *[]git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) (*[]git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) *[]git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommit provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.GitCommit, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommit") + } + + var r0 *git.GitCommit + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) (*git.GitCommit, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) *git.GitCommit); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommit) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitDiffs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitDiffs") + } + + var r0 *git.GitCommitDiffs + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) *git.GitCommitDiffs); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitDiffs) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitDiffsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitsBatch") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetDeletedRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetDeletedRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetDeletedRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequests") + } + + var r0 *[]git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) *[]git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForks provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.GitRepositoryRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForks") + } + + var r0 *[]git.GitRepositoryRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) (*[]git.GitRepositoryRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) *[]git.GitRepositoryRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepositoryRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForksArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItem provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItem") + } + + var r0 *git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) (*git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) *git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemText provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemText") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemTextArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItems provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItems") + } + + var r0 *[]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) (*[]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) *[]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) (*[][]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemsBatch") + } + + var r0 *[][]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) (*[][]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) *[][]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[][]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetLikes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi.IdentityRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetLikes") + } + + var r0 *[]webapi.IdentityRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) (*[]webapi.IdentityRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) *[]webapi.IdentityRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.IdentityRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetLikesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeBases provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeBases") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeBasesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPolicyConfigurations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPolicyConfigurations") + } + + var r0 *git.GitPolicyConfigurationResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) *git.GitPolicyConfigurationResponse); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPolicyConfigurationResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPolicyConfigurationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestById provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequestByIdArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestById") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestByIdArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestCommits") + } + + var r0 *git.GetPullRequestCommitsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) *git.GetPullRequestCommitsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetPullRequestCommitsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIteration provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIteration") + } + + var r0 *git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) *git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationChanges") + } + + var r0 *git.GitPullRequestIterationChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) *git.GitPullRequestIterationChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIterationChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterations") + } + + var r0 *[]git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) *[]git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabels") + } + + var r0 *[]core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) *[]core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestQuery provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestQuery") + } + + var r0 *git.GitPullRequestQuery + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) *git.GitPullRequestQuery); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestQuery) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestQueryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestWorkItemRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestWorkItemRefs") + } + + var r0 *[]webapi.ResourceRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) *[]webapi.ResourceRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.ResourceRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequests") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestsByProject provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestsByProject") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsByProjectArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPush provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushes") + } + + var r0 *[]git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) (*[]git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) *[]git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRecycleBinRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRecycleBinRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRecycleBinRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorites provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorites") + } + + var r0 *[]git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) *[]git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoritesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRefsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefs") + } + + var r0 *git.GetRefsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) (*git.GetRefsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) *git.GetRefsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetRefsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesArgs) (*[]git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositories") + } + + var r0 *[]git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) (*[]git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) *[]git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithParent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetRepositoryWithParentArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithParent") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryWithParentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevertForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForRefNameArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevertForRefName") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[]git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetStatuses") + } + + var r0 *[]git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) (*[]git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) *[]git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetSuggestions provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs) (*[]git.GitSuggestion, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetSuggestions") + } + + var r0 *[]git.GitSuggestion + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) (*[]git.GitSuggestion, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) *[]git.GitSuggestion); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitSuggestion) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetSuggestionsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetThreads provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetThreads") + } + + var r0 *[]git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) *[]git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetThreadsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTree provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTreeRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTree") + } + + var r0 *git.GitTreeRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) (*git.GitTreeRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) *git.GitTreeRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitTreeRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTreeZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTreeZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// QueryImportRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for QueryImportRequests") + } + + var r0 *[]git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) *[]git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.QueryImportRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// RestoreRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for RestoreRepositoryFromRecycleBin") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// SharePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequestArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for SharePullRequest") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.SharePullRequestArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 git.UpdatePullRequestIterationStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestIterationStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestIterationStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.UpdatePullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.UpdatePullRequestReviewersArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestReviewers") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestReviewersArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdatePullRequestStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateRef provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.GitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRef") + } + + var r0 *git.GitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) (*git.GitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) *git.GitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRefs") + } + + var r0 *[]git.GitRefUpdateResult + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) *[]git.GitRefUpdateResult); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefUpdateResult) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClient(t interface { + mock.TestingT + Cleanup(func()) +}) *Client { + mock := &Client{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/acr_controller/application/client.go b/acr_controller/application/client.go index ed09e3e0f5f17..32f309bb3c822 100644 --- a/acr_controller/application/client.go +++ b/acr_controller/application/client.go @@ -55,7 +55,7 @@ func NewHttpApplicationClient(token string, address string, rootpath string) App } } -func (c *httpApplicationClient) execute(ctx context.Context, url string, result interface{}, printBody ...bool) error { +func (c *httpApplicationClient) execute(ctx context.Context, url string, result interface{}) error { req, err := http.NewRequestWithContext(ctx, "GET", url, nil) if err != nil { return err diff --git a/acr_controller/controller/controller.go b/acr_controller/controller/controller.go index 61be564b7a02b..f759fd4e4076e 100644 --- a/acr_controller/controller/controller.go +++ b/acr_controller/controller/controller.go @@ -51,7 +51,7 @@ func NewApplicationChangeRevisionController(appInformer cache.SharedIndexInforme func (c *applicationChangeRevisionController) Run(ctx context.Context) { var logCtx log.FieldLogger = log.StandardLogger() - calculateIfPermitted := func(ctx context.Context, a appv1.Application, eventType watch.EventType, ts string) error { + calculateIfPermitted := func(ctx context.Context, a appv1.Application, eventType watch.EventType, ts string) error { //nolint:golint,unparam if eventType == watch.Bookmark || eventType == watch.Deleted { return nil // ignore this event } diff --git a/acr_controller/server.go b/acr_controller/server.go index 9e0bfeb4a4988..f9afb5d755678 100644 --- a/acr_controller/server.go +++ b/acr_controller/server.go @@ -111,7 +111,7 @@ func (a *ACRServer) RunController(ctx context.Context) { // newHTTPServer returns the HTTP server to serve HTTP/HTTPS requests. This is implemented // using grpc-gateway as a proxy to the gRPC server. -func (a *ACRServer) newHTTPServer(ctx context.Context, port int) *http.Server { +func (a *ACRServer) newHTTPServer(ctx context.Context, port int) *http.Server { //nolint:golint,unparam endpoint := fmt.Sprintf("localhost:%d", port) mux := http.NewServeMux() httpS := http.Server{ diff --git a/acr_controller/service/acr_service.go b/acr_controller/service/acr_service.go index 1cbcbe724e2ac..04289a538efc2 100644 --- a/acr_controller/service/acr_service.go +++ b/acr_controller/service/acr_service.go @@ -8,7 +8,7 @@ import ( log "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" argoclient "github.com/argoproj/argo-cd/v2/acr_controller/application" appclient "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" @@ -105,10 +105,10 @@ func (c *acrService) calculateRevision(ctx context.Context, a *application.Appli currentRevision, previousRevision := c.getRevisions(ctx, a) c.logger.Infof("Calculate revision for application '%s', current revision '%s', previous revision '%s'", a.Name, currentRevision, previousRevision) changeRevisionResult, err := c.applicationServiceClient.GetChangeRevision(ctx, &appclient.ChangeRevisionRequest{ - AppName: pointer.String(a.GetName()), - Namespace: pointer.String(a.GetNamespace()), - CurrentRevision: pointer.String(currentRevision), - PreviousRevision: pointer.String(previousRevision), + AppName: ptr.To(a.GetName()), + Namespace: ptr.To(a.GetNamespace()), + CurrentRevision: ptr.To(currentRevision), + PreviousRevision: ptr.To(previousRevision), }) if err != nil { return nil, err @@ -179,7 +179,7 @@ func getCurrentRevisionFromOperation(a *application.Application) string { return "" } -func (c *acrService) getRevisions(ctx context.Context, a *application.Application) (string, string) { +func (c *acrService) getRevisions(_ context.Context, a *application.Application) (string, string) { if a.Status.History == nil || len(a.Status.History) == 0 { // it is first sync operation, and we have only current revision return getCurrentRevisionFromOperation(a), "" diff --git a/acr_controller/service/acr_service_test.go b/acr_controller/service/acr_service_test.go index 6313481233072..c4fe74125944e 100644 --- a/acr_controller/service/acr_service_test.go +++ b/acr_controller/service/acr_service_test.go @@ -17,7 +17,7 @@ import ( "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/yaml" ) @@ -270,7 +270,7 @@ func Test_ChangeRevision(r *testing.T) { r.Run("Change revision", func(t *testing.T) { client := &mocks.ApplicationClient{} client.On("GetChangeRevision", mock.Anything, mock.Anything).Return(&appclient.ChangeRevisionResponse{ - Revision: pointer.String("new-revision"), + Revision: ptr.To("new-revision"), }, nil) acrService := newTestACRService(client) app := createTestApp(syncedAppWithHistory) @@ -287,7 +287,7 @@ func Test_ChangeRevision(r *testing.T) { r.Run("Change revision already exists", func(t *testing.T) { client := &mocks.ApplicationClient{} client.On("GetChangeRevision", mock.Anything, mock.Anything).Return(&appclient.ChangeRevisionResponse{ - Revision: pointer.String("new-revision"), + Revision: ptr.To("new-revision"), }, nil) logger, logHook := test2.NewNullLogger() diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 7208836f2ea75..55745d4e4903b 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -18,6 +18,7 @@ import ( "context" "fmt" "reflect" + "sort" "strings" "time" @@ -32,6 +33,7 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/record" + "k8s.io/client-go/util/retry" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" @@ -41,11 +43,13 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" + "github.com/argoproj/argo-cd/v2/applicationset/controllers/template" "github.com/argoproj/argo-cd/v2/applicationset/generators" + "github.com/argoproj/argo-cd/v2/applicationset/metrics" + "github.com/argoproj/argo-cd/v2/applicationset/status" "github.com/argoproj/argo-cd/v2/applicationset/utils" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/db" - "github.com/argoproj/argo-cd/v2/util/glob" argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" @@ -86,6 +90,7 @@ type ApplicationSetReconciler struct { SCMRootCAPath string GlobalPreservedAnnotations []string GlobalPreservedLabels []string + Metrics *metrics.ApplicationsetMetrics } // +kubebuilder:rbac:groups=argoproj.io,resources=applicationsets,verbs=get;list;watch;create;update;patch;delete @@ -96,7 +101,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque var applicationSetInfo argov1alpha1.ApplicationSet parametersGenerated := false - + startTime := time.Now() if err := r.Get(ctx, req.NamespacedName, &applicationSetInfo); err != nil { if client.IgnoreNotFound(err) != nil { logCtx.WithError(err).Infof("unable to get ApplicationSet: '%v' ", err) @@ -104,6 +109,10 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque return ctrl.Result{}, client.IgnoreNotFound(err) } + defer func() { + r.Metrics.ObserveReconcile(&applicationSetInfo, time.Since(startTime)) + }() + // Do not attempt to further reconcile the ApplicationSet if it is being deleted. if applicationSetInfo.ObjectMeta.DeletionTimestamp != nil { appsetName := applicationSetInfo.ObjectMeta.Name @@ -131,7 +140,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // Log a warning if there are unrecognized generators _ = utils.CheckInvalidGenerators(&applicationSetInfo) // desiredApplications is the main list of all expected Applications from all generators in this appset. - desiredApplications, applicationSetReason, err := r.generateApplications(logCtx, applicationSetInfo) + desiredApplications, applicationSetReason, err := template.GenerateApplications(logCtx, applicationSetInfo, r.Generators, r.Renderer, r.Client) if err != nil { _ = r.setApplicationSetStatusCondition(ctx, &applicationSetInfo, @@ -237,20 +246,8 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque if r.EnableProgressiveSyncs { // trigger appropriate application syncs if RollingSync strategy is enabled - if progressiveSyncsStrategyEnabled(&applicationSetInfo, "RollingSync") { - validApps, err = r.syncValidApplications(logCtx, &applicationSetInfo, appSyncMap, appMap, validApps) - if err != nil { - _ = r.setApplicationSetStatusCondition(ctx, - &applicationSetInfo, - argov1alpha1.ApplicationSetCondition{ - Type: argov1alpha1.ApplicationSetConditionErrorOccurred, - Message: err.Error(), - Reason: argov1alpha1.ApplicationSetReasonSyncApplicationError, - Status: argov1alpha1.ApplicationSetConditionStatusTrue, - }, parametersGenerated, - ) - return ctrl.Result{}, err - } + if progressiveSyncsRollingSyncStrategyEnabled(&applicationSetInfo) { + validApps = r.syncValidApplications(logCtx, &applicationSetInfo, appSyncMap, appMap, validApps) } } @@ -404,8 +401,21 @@ func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context. paramtersGeneratedCondition := getParametersGeneratedCondition(paramtersGenerated, condition.Message) resourceUpToDateCondition := getResourceUpToDateCondition(errOccurred, condition.Message, condition.Reason) + evaluatedTypes := map[argov1alpha1.ApplicationSetConditionType]bool{ + argov1alpha1.ApplicationSetConditionErrorOccurred: true, + argov1alpha1.ApplicationSetConditionParametersGenerated: true, + argov1alpha1.ApplicationSetConditionResourcesUpToDate: true, + } newConditions := []argov1alpha1.ApplicationSetCondition{errOccurredCondition, paramtersGeneratedCondition, resourceUpToDateCondition} + if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) { + evaluatedTypes[argov1alpha1.ApplicationSetConditionRolloutProgressing] = true + + if condition.Type == argov1alpha1.ApplicationSetConditionRolloutProgressing { + newConditions = append(newConditions, condition) + } + } + needToUpdateConditions := false for _, condition := range newConditions { // do nothing if appset already has same condition @@ -416,28 +426,32 @@ func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context. } } } - evaluatedTypes := map[argov1alpha1.ApplicationSetConditionType]bool{ - argov1alpha1.ApplicationSetConditionErrorOccurred: true, - argov1alpha1.ApplicationSetConditionParametersGenerated: true, - argov1alpha1.ApplicationSetConditionResourcesUpToDate: true, - } - if needToUpdateConditions || len(applicationSet.Status.Conditions) < 3 { + if needToUpdateConditions || len(applicationSet.Status.Conditions) < len(newConditions) { // fetch updated Application Set object before updating it - namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name} - if err := r.Get(ctx, namespacedName, applicationSet); err != nil { - if client.IgnoreNotFound(err) != nil { - return nil + // DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms + err := retry.RetryOnConflict(retry.DefaultRetry, func() error { + namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name} + updatedAppset := &argov1alpha1.ApplicationSet{} + if err := r.Get(ctx, namespacedName, updatedAppset); err != nil { + if client.IgnoreNotFound(err) != nil { + return nil + } + return fmt.Errorf("error fetching updated application set: %w", err) } - return fmt.Errorf("error fetching updated application set: %w", err) - } - applicationSet.Status.SetConditions( - newConditions, evaluatedTypes, - ) + updatedAppset.Status.SetConditions( + newConditions, evaluatedTypes, + ) - // Update the newly fetched object with new set of conditions - err := r.Client.Status().Update(ctx, applicationSet) + // Update the newly fetched object with new set of conditions + err := r.Client.Status().Update(ctx, updatedAppset) + if err != nil { + return err + } + updatedAppset.DeepCopyInto(applicationSet) + return nil + }) if err != nil && !apierr.IsNotFound(err) { return fmt.Errorf("unable to set application set condition: %w", err) } @@ -495,92 +509,10 @@ func (r *ApplicationSetReconciler) getMinRequeueAfter(applicationSetInfo *argov1 return res } -func getTempApplication(applicationSetTemplate argov1alpha1.ApplicationSetTemplate) *argov1alpha1.Application { - var tmplApplication argov1alpha1.Application - tmplApplication.Annotations = applicationSetTemplate.Annotations - tmplApplication.Labels = applicationSetTemplate.Labels - tmplApplication.Namespace = applicationSetTemplate.Namespace - tmplApplication.Name = applicationSetTemplate.Name - tmplApplication.Spec = applicationSetTemplate.Spec - tmplApplication.Finalizers = applicationSetTemplate.Finalizers - - return &tmplApplication -} - -func (r *ApplicationSetReconciler) generateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) { - var res []argov1alpha1.Application - - var firstError error - var applicationSetReason argov1alpha1.ApplicationSetReasonType - - for _, requestedGenerator := range applicationSetInfo.Spec.Generators { - t, err := generators.Transform(requestedGenerator, r.Generators, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]interface{}{}, r.Client) - if err != nil { - logCtx.WithError(err).WithField("generator", requestedGenerator). - Error("error generating application from params") - if firstError == nil { - firstError = err - applicationSetReason = argov1alpha1.ApplicationSetReasonApplicationParamsGenerationError - } - continue - } - - for _, a := range t { - tmplApplication := getTempApplication(a.Template) - - for _, p := range a.Params { - app, err := r.Renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) - if err != nil { - logCtx.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). - Error("error generating application from params") - - if firstError == nil { - firstError = err - applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError - } - continue - } - - if applicationSetInfo.Spec.TemplatePatch != nil { - patchedApplication, err := r.applyTemplatePatch(app, applicationSetInfo, p) - if err != nil { - log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). - Error("error generating application from params") - - if firstError == nil { - firstError = err - applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError - } - continue - } - - app = patchedApplication - } - - res = append(res, *app) - } - } - - logCtx.WithField("generator", requestedGenerator).Infof("generated %d applications", len(res)) - logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res) - } - - return res, applicationSetReason, firstError -} - -func (r *ApplicationSetReconciler) applyTemplatePatch(app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]interface{}) (*argov1alpha1.Application, error) { - replacedTemplate, err := r.Renderer.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) - if err != nil { - return nil, fmt.Errorf("error replacing values in templatePatch: %w", err) - } - - return applyTemplatePatch(app, replacedTemplate) -} - func ignoreNotAllowedNamespaces(namespaces []string) predicate.Predicate { return predicate.Funcs{ CreateFunc: func(e event.CreateEvent) bool { - return glob.MatchStringInList(namespaces, e.Object.GetNamespace(), glob.REGEXP) + return utils.IsNamespaceAllowed(namespaces, e.Object.GetNamespace()) }, } } @@ -631,10 +563,6 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context, var firstError error // Creates or updates the application in appList for _, generatedApp := range desiredApplications { - // The app's namespace must be the same as the AppSet's namespace to preserve the appsets-in-any-namespace - // security boundary. - generatedApp.Namespace = applicationSet.Namespace - appLog := logCtx.WithFields(log.Fields{"app": generatedApp.QualifiedName()}) // Normalize to avoid fighting with the application controller. @@ -904,14 +832,14 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte func (r *ApplicationSetReconciler) removeOwnerReferencesOnDeleteAppSet(ctx context.Context, applicationSet argov1alpha1.ApplicationSet) error { applications, err := r.getCurrentApplications(ctx, applicationSet) if err != nil { - return err + return fmt.Errorf("error getting current applications for ApplicationSet: %w", err) } for _, app := range applications { app.SetOwnerReferences([]metav1.OwnerReference{}) err := r.Client.Update(ctx, &app) if err != nil { - return err + return fmt.Errorf("error updating application: %w", err) } } @@ -919,12 +847,9 @@ func (r *ApplicationSetReconciler) removeOwnerReferencesOnDeleteAppSet(ctx conte } func (r *ApplicationSetReconciler) performProgressiveSyncs(ctx context.Context, logCtx *log.Entry, appset argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, desiredApplications []argov1alpha1.Application, appMap map[string]argov1alpha1.Application) (map[string]bool, error) { - appDependencyList, appStepMap, err := r.buildAppDependencyList(logCtx, appset, desiredApplications) - if err != nil { - return nil, fmt.Errorf("failed to build app dependency list: %w", err) - } + appDependencyList, appStepMap := r.buildAppDependencyList(logCtx, appset, desiredApplications) - _, err = r.updateApplicationSetApplicationStatus(ctx, logCtx, &appset, applications, appStepMap) + _, err := r.updateApplicationSetApplicationStatus(ctx, logCtx, &appset, applications, appStepMap) if err != nil { return nil, fmt.Errorf("failed to update applicationset app status: %w", err) } @@ -934,34 +859,27 @@ func (r *ApplicationSetReconciler) performProgressiveSyncs(ctx context.Context, logCtx.Infof("step %v: %+v", i+1, step) } - appSyncMap, err := r.buildAppSyncMap(ctx, appset, appDependencyList, appMap) - if err != nil { - return nil, fmt.Errorf("failed to build app sync map: %w", err) - } - + appSyncMap := r.buildAppSyncMap(appset, appDependencyList, appMap) logCtx.Infof("Application allowed to sync before maxUpdate?: %+v", appSyncMap) - _, err = r.updateApplicationSetApplicationStatusProgress(ctx, logCtx, &appset, appSyncMap, appStepMap, appMap) + _, err = r.updateApplicationSetApplicationStatusProgress(ctx, logCtx, &appset, appSyncMap, appStepMap) if err != nil { return nil, fmt.Errorf("failed to update applicationset application status progress: %w", err) } - _, err = r.updateApplicationSetApplicationStatusConditions(ctx, &appset) - if err != nil { - return nil, fmt.Errorf("failed to update applicationset application status conditions: %w", err) - } + _ = r.updateApplicationSetApplicationStatusConditions(ctx, &appset) return appSyncMap, nil } // this list tracks which Applications belong to each RollingUpdate step -func (r *ApplicationSetReconciler) buildAppDependencyList(logCtx *log.Entry, applicationSet argov1alpha1.ApplicationSet, applications []argov1alpha1.Application) ([][]string, map[string]int, error) { +func (r *ApplicationSetReconciler) buildAppDependencyList(logCtx *log.Entry, applicationSet argov1alpha1.ApplicationSet, applications []argov1alpha1.Application) ([][]string, map[string]int) { if applicationSet.Spec.Strategy == nil || applicationSet.Spec.Strategy.Type == "" || applicationSet.Spec.Strategy.Type == "AllAtOnce" { - return [][]string{}, map[string]int{}, nil + return [][]string{}, map[string]int{} } steps := []argov1alpha1.ApplicationSetRolloutStep{} - if progressiveSyncsStrategyEnabled(&applicationSet, "RollingSync") { + if progressiveSyncsRollingSyncStrategyEnabled(&applicationSet) { steps = applicationSet.Spec.Strategy.RollingSync.Steps } @@ -1002,7 +920,7 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(logCtx *log.Entry, app } } - return appDependencyList, appStepMap, nil + return appDependencyList, appStepMap } func labelMatchedExpression(logCtx *log.Entry, val string, matchExpression argov1alpha1.ApplicationMatchExpression) bool { @@ -1026,7 +944,7 @@ func labelMatchedExpression(logCtx *log.Entry, val string, matchExpression argov } // this map is used to determine which stage of Applications are ready to be updated in the reconciler loop -func (r *ApplicationSetReconciler) buildAppSyncMap(ctx context.Context, applicationSet argov1alpha1.ApplicationSet, appDependencyList [][]string, appMap map[string]argov1alpha1.Application) (map[string]bool, error) { +func (r *ApplicationSetReconciler) buildAppSyncMap(applicationSet argov1alpha1.ApplicationSet, appDependencyList [][]string, appMap map[string]argov1alpha1.Application) map[string]bool { appSyncMap := map[string]bool{} syncEnabled := true @@ -1063,11 +981,11 @@ func (r *ApplicationSetReconciler) buildAppSyncMap(ctx context.Context, applicat } } - return appSyncMap, nil + return appSyncMap } func appSyncEnabledForNextStep(appset *argov1alpha1.ApplicationSet, app argov1alpha1.Application, appStatus argov1alpha1.ApplicationSetApplicationStatus) bool { - if progressiveSyncsStrategyEnabled(appset, "RollingSync") { + if progressiveSyncsRollingSyncStrategyEnabled(appset) { // we still need to complete the current step if the Application is not yet Healthy or there are still pending Application changes return isApplicationHealthy(app) && appStatus.Status == "Healthy" } @@ -1075,16 +993,8 @@ func appSyncEnabledForNextStep(appset *argov1alpha1.ApplicationSet, app argov1al return true } -func progressiveSyncsStrategyEnabled(appset *argov1alpha1.ApplicationSet, strategyType string) bool { - if appset.Spec.Strategy == nil || appset.Spec.Strategy.Type != strategyType { - return false - } - - if strategyType == "RollingSync" && appset.Spec.Strategy.RollingSync == nil { - return false - } - - return true +func progressiveSyncsRollingSyncStrategyEnabled(appset *argov1alpha1.ApplicationSet) bool { + return appset.Spec.Strategy != nil && appset.Spec.Strategy.RollingSync != nil && appset.Spec.Strategy.Type == "RollingSync" && len(appset.Spec.Strategy.RollingSync.Steps) > 0 } func isApplicationHealthy(app argov1alpha1.Application) bool { @@ -1107,6 +1017,16 @@ func statusStrings(app argov1alpha1.Application) (string, string, string) { return healthStatusString, syncStatusString, operationPhaseString } +func getAppStep(appName string, appStepMap map[string]int) int { + // if an application is not selected by any match expression, it defaults to step -1 + step := -1 + if appStep, ok := appStepMap[appName]; ok { + // 1-based indexing + step = appStep + 1 + } + return step +} + // check the status of each Application's status and promote Applications to the next status if needed func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, appStepMap map[string]int) ([]argov1alpha1.ApplicationSetApplicationStatus, error) { now := metav1.Now() @@ -1126,7 +1046,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con LastTransitionTime: &now, Message: "No Application status found, defaulting status to Waiting.", Status: "Waiting", - Step: fmt.Sprint(appStepMap[app.Name] + 1), + Step: fmt.Sprint(getAppStep(app.Name, appStepMap)), TargetRevisions: app.Status.GetRevisions(), } } else { @@ -1136,13 +1056,13 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con // upgrade any existing AppStatus that might have been set by an older argo-cd version // note: currentAppStatus.TargetRevisions may be set to empty list earlier during migrations, // to prevent other usage of r.Client.Status().Update to fail before reaching here. - if currentAppStatus.TargetRevisions == nil || len(currentAppStatus.TargetRevisions) == 0 { + if len(currentAppStatus.TargetRevisions) == 0 { currentAppStatus.TargetRevisions = app.Status.GetRevisions() } } appOutdated := false - if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") { + if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) { appOutdated = syncStatusString == "OutOfSync" } @@ -1151,7 +1071,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con currentAppStatus.LastTransitionTime = &now currentAppStatus.Status = "Waiting" currentAppStatus.Message = "Application has pending changes, setting status to Waiting." - currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1) + currentAppStatus.Step = fmt.Sprint(getAppStep(currentAppStatus.Application, appStepMap)) currentAppStatus.TargetRevisions = app.Status.GetRevisions() } @@ -1169,14 +1089,14 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con currentAppStatus.LastTransitionTime = &now currentAppStatus.Status = "Progressing" currentAppStatus.Message = "Application resource completed a sync successfully, updating status from Pending to Progressing." - currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1) + currentAppStatus.Step = fmt.Sprint(getAppStep(currentAppStatus.Application, appStepMap)) } } else if operationPhaseString == "Running" || healthStatusString == "Progressing" { logCtx.Infof("Application %v has entered Progressing status, updating its ApplicationSet status to Progressing", app.Name) currentAppStatus.LastTransitionTime = &now currentAppStatus.Status = "Progressing" currentAppStatus.Message = "Application resource became Progressing, updating status from Pending to Progressing." - currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1) + currentAppStatus.Step = fmt.Sprint(getAppStep(currentAppStatus.Application, appStepMap)) } } @@ -1185,7 +1105,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con currentAppStatus.LastTransitionTime = &now currentAppStatus.Status = healthStatusString currentAppStatus.Message = "Application resource is already Healthy, updating status from Waiting to Healthy." - currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1) + currentAppStatus.Step = fmt.Sprint(getAppStep(currentAppStatus.Application, appStepMap)) } if currentAppStatus.Status == "Progressing" && isApplicationHealthy(app) { @@ -1193,7 +1113,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con currentAppStatus.LastTransitionTime = &now currentAppStatus.Status = healthStatusString currentAppStatus.Message = "Application resource became Healthy, updating status from Progressing to Healthy." - currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1) + currentAppStatus.Step = fmt.Sprint(getAppStep(currentAppStatus.Application, appStepMap)) } appStatuses = append(appStatuses, currentAppStatus) @@ -1208,20 +1128,18 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con } // check Applications that are in Waiting status and promote them to Pending if needed -func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, appSyncMap map[string]bool, appStepMap map[string]int, appMap map[string]argov1alpha1.Application) ([]argov1alpha1.ApplicationSetApplicationStatus, error) { +func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, appSyncMap map[string]bool, appStepMap map[string]int) ([]argov1alpha1.ApplicationSetApplicationStatus, error) { now := metav1.Now() appStatuses := make([]argov1alpha1.ApplicationSetApplicationStatus, 0, len(applicationSet.Status.ApplicationStatus)) // if we have no RollingUpdate steps, clear out the existing ApplicationStatus entries - if applicationSet.Spec.Strategy != nil && applicationSet.Spec.Strategy.Type != "" && applicationSet.Spec.Strategy.Type != "AllAtOnce" { + if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) { updateCountMap := []int{} totalCountMap := []int{} - length := 0 - if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") { - length = len(applicationSet.Spec.Strategy.RollingSync.Steps) - } + length := len(applicationSet.Spec.Strategy.RollingSync.Steps) + for s := 0; s < length; s++ { updateCountMap = append(updateCountMap, 0) totalCountMap = append(totalCountMap, 0) @@ -1231,17 +1149,15 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress for _, appStatus := range applicationSet.Status.ApplicationStatus { totalCountMap[appStepMap[appStatus.Application]] += 1 - if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") { - if appStatus.Status == "Pending" || appStatus.Status == "Progressing" { - updateCountMap[appStepMap[appStatus.Application]] += 1 - } + if appStatus.Status == "Pending" || appStatus.Status == "Progressing" { + updateCountMap[appStepMap[appStatus.Application]] += 1 } } for _, appStatus := range applicationSet.Status.ApplicationStatus { maxUpdateAllowed := true maxUpdate := &intstr.IntOrString{} - if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") { + if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) { maxUpdate = applicationSet.Spec.Strategy.RollingSync.Steps[appStepMap[appStatus.Application]].MaxUpdate } @@ -1259,7 +1175,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress if updateCountMap[appStepMap[appStatus.Application]] >= maxUpdateVal { maxUpdateAllowed = false - logCtx.Infof("Application %v is not allowed to update yet, %v/%v Applications already updating in step %v in AppSet %v", appStatus.Application, updateCountMap[appStepMap[appStatus.Application]], maxUpdateVal, appStepMap[appStatus.Application]+1, applicationSet.Name) + logCtx.Infof("Application %v is not allowed to update yet, %v/%v Applications already updating in step %v in AppSet %v", appStatus.Application, updateCountMap[appStepMap[appStatus.Application]], maxUpdateVal, getAppStep(appStatus.Application, appStepMap), applicationSet.Name) } } @@ -1268,7 +1184,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress appStatus.LastTransitionTime = &now appStatus.Status = "Pending" appStatus.Message = "Application moved to Pending status, watching for the Application resource to start Progressing." - appStatus.Step = fmt.Sprint(appStepMap[appStatus.Application] + 1) + appStatus.Step = fmt.Sprint(getAppStep(appStatus.Application, appStepMap)) updateCountMap[appStepMap[appStatus.Application]] += 1 } @@ -1285,7 +1201,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress return appStatuses, nil } -func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditions(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet) ([]argov1alpha1.ApplicationSetCondition, error) { +func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditions(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet) []argov1alpha1.ApplicationSetCondition { appSetProgressing := false for _, appStatus := range applicationSet.Status.ApplicationStatus { if appStatus.Status != "Healthy" { @@ -1310,7 +1226,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditio Message: "ApplicationSet Rollout Rollout started", Reason: argov1alpha1.ApplicationSetReasonApplicationSetModified, Status: argov1alpha1.ApplicationSetConditionStatusTrue, - }, false, + }, true, ) } else if !appSetProgressing && appSetConditionProgressing { _ = r.setApplicationSetStatusCondition(ctx, @@ -1320,11 +1236,11 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditio Message: "ApplicationSet Rollout Rollout complete", Reason: argov1alpha1.ApplicationSetReasonApplicationSetRolloutComplete, Status: argov1alpha1.ApplicationSetConditionStatusFalse, - }, false, + }, true, ) } - return applicationSet.Status.Conditions, nil + return applicationSet.Status.Conditions } func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplicationStatus, application string) int { @@ -1350,93 +1266,75 @@ func (r *ApplicationSetReconciler) migrateStatus(ctx context.Context, appset *ar } if update { - if err := r.Client.Status().Update(ctx, appset); err != nil { - return fmt.Errorf("unable to set application set status: %w", err) + // DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms + err := retry.RetryOnConflict(retry.DefaultRetry, func() error { + namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name} + updatedAppset := &argov1alpha1.ApplicationSet{} + if err := r.Get(ctx, namespacedName, updatedAppset); err != nil { + if client.IgnoreNotFound(err) != nil { + return nil + } + return fmt.Errorf("error fetching updated application set: %w", err) + } + + updatedAppset.Status.ApplicationStatus = appset.Status.ApplicationStatus + + // Update the newly fetched object with new set of ApplicationStatus + err := r.Client.Status().Update(ctx, updatedAppset) + if err != nil { + return err + } + updatedAppset.DeepCopyInto(appset) + return nil + }) + if err != nil && !apierr.IsNotFound(err) { + return fmt.Errorf("unable to set application set condition: %w", err) } } return nil } func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, logCtx *log.Entry, appset *argov1alpha1.ApplicationSet, apps []argov1alpha1.Application) error { - statusMap := getResourceStatusMap(appset) - statusMap = buildResourceStatus(statusMap, apps) + statusMap := status.GetResourceStatusMap(appset) + statusMap = status.BuildResourceStatus(statusMap, apps) statuses := []argov1alpha1.ResourceStatus{} for _, status := range statusMap { statuses = append(statuses, status) } + sort.Slice(statuses, func(i, j int) bool { + return statuses[i].Name < statuses[j].Name + }) appset.Status.Resources = statuses - - namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name} - err := r.Client.Status().Update(ctx, appset) - if err != nil { - logCtx.Errorf("unable to set application set status: %v", err) - return fmt.Errorf("unable to set application set status: %w", err) - } - - if err := r.Get(ctx, namespacedName, appset); err != nil { - if client.IgnoreNotFound(err) != nil { - return nil - } - return fmt.Errorf("error fetching updated application set: %w", err) - } - - return nil -} - -func buildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus { - appMap := map[string]argov1alpha1.Application{} - for _, app := range apps { - appCopy := app - appMap[app.Name] = app - - gvk := app.GroupVersionKind() - // Create status if it does not exist - status, ok := statusMap[app.Name] - if !ok { - status = argov1alpha1.ResourceStatus{ - Group: gvk.Group, - Version: gvk.Version, - Kind: gvk.Kind, - Name: app.Name, - Namespace: app.Namespace, - Status: app.Status.Sync.Status, - Health: &appCopy.Status.Health, + // DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms + err := retry.RetryOnConflict(retry.DefaultRetry, func() error { + namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name} + updatedAppset := &argov1alpha1.ApplicationSet{} + if err := r.Get(ctx, namespacedName, updatedAppset); err != nil { + if client.IgnoreNotFound(err) != nil { + return nil } + return fmt.Errorf("error fetching updated application set: %w", err) } - status.Group = gvk.Group - status.Version = gvk.Version - status.Kind = gvk.Kind - status.Name = app.Name - status.Namespace = app.Namespace - status.Status = app.Status.Sync.Status - status.Health = &appCopy.Status.Health + updatedAppset.Status.Resources = appset.Status.Resources - statusMap[app.Name] = status - } - cleanupDeletedApplicationStatuses(statusMap, appMap) - - return statusMap -} - -func getResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus { - statusMap := map[string]argov1alpha1.ResourceStatus{} - for _, status := range appset.Status.Resources { - statusMap[status.Name] = status - } - return statusMap -} - -func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) { - for name := range statusMap { - if _, ok := apps[name]; !ok { - delete(statusMap, name) + // Update the newly fetched object with new status resources + err := r.Client.Status().Update(ctx, updatedAppset) + if err != nil { + return err } + updatedAppset.DeepCopyInto(appset) + return nil + }) + if err != nil { + logCtx.Errorf("unable to set application set status: %v", err) + return fmt.Errorf("unable to set application set status: %w", err) } + return nil } -// setApplicationSetApplicationStatus updates the ApplicationSet's status field +// setAppSetApplicationStatus updates the ApplicationSet's status field // with any new/changed Application statuses. func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error { needToUpdateStatus := false @@ -1467,26 +1365,36 @@ func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Contex for i := range applicationStatuses { applicationSet.Status.SetApplicationStatus(applicationStatuses[i]) } + // DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms + err := retry.RetryOnConflict(retry.DefaultRetry, func() error { + updatedAppset := &argov1alpha1.ApplicationSet{} + if err := r.Get(ctx, namespacedName, updatedAppset); err != nil { + if client.IgnoreNotFound(err) != nil { + return nil + } + return fmt.Errorf("error fetching updated application set: %w", err) + } - // Update the newly fetched object with new set of ApplicationStatus - err := r.Client.Status().Update(ctx, applicationSet) + updatedAppset.Status.ApplicationStatus = applicationSet.Status.ApplicationStatus + + // Update the newly fetched object with new set of ApplicationStatus + err := r.Client.Status().Update(ctx, updatedAppset) + if err != nil { + return err + } + updatedAppset.DeepCopyInto(applicationSet) + return nil + }) if err != nil { logCtx.Errorf("unable to set application set status: %v", err) return fmt.Errorf("unable to set application set status: %w", err) } - - if err := r.Get(ctx, namespacedName, applicationSet); err != nil { - if client.IgnoreNotFound(err) != nil { - return nil - } - return fmt.Errorf("error fetching updated application set: %w", err) - } } return nil } -func (r *ApplicationSetReconciler) syncValidApplications(logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, appSyncMap map[string]bool, appMap map[string]argov1alpha1.Application, validApps []argov1alpha1.Application) ([]argov1alpha1.Application, error) { +func (r *ApplicationSetReconciler) syncValidApplications(logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, appSyncMap map[string]bool, appMap map[string]argov1alpha1.Application, validApps []argov1alpha1.Application) []argov1alpha1.Application { rolloutApps := []argov1alpha1.Application{} for i := range validApps { pruneEnabled := false @@ -1507,15 +1415,15 @@ func (r *ApplicationSetReconciler) syncValidApplications(logCtx *log.Entry, appl // check appSyncMap to determine which Applications are ready to be updated and which should be skipped if appSyncMap[validApps[i].Name] && appMap[validApps[i].Name].Status.Sync.Status == "OutOfSync" && appSetStatusPending { logCtx.Infof("triggering sync for application: %v, prune enabled: %v", validApps[i].Name, pruneEnabled) - validApps[i], _ = syncApplication(validApps[i], pruneEnabled) + validApps[i] = syncApplication(validApps[i], pruneEnabled) } rolloutApps = append(rolloutApps, validApps[i]) } - return rolloutApps, nil + return rolloutApps } // used by the RollingSync Progressive Sync strategy to trigger a sync of a particular Application resource -func syncApplication(application argov1alpha1.Application, prune bool) (argov1alpha1.Application, error) { +func syncApplication(application argov1alpha1.Application, prune bool) argov1alpha1.Application { operation := argov1alpha1.Operation{ InitiatedBy: argov1alpha1.OperationInitiator{ Username: "applicationset-controller", @@ -1541,7 +1449,7 @@ func syncApplication(application argov1alpha1.Application, prune bool) (argov1al } application.Operation = &operation - return application, nil + return application } func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs { diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 04da87e4d517e..2a6856ecde7ac 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -5,12 +5,11 @@ import ( "encoding/json" "fmt" "reflect" + "strconv" "strings" "testing" "time" - "github.com/argoproj/argo-cd/v2/applicationset/generators/mocks" - log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" @@ -24,7 +23,6 @@ import ( kubefake "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" crtclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" @@ -34,304 +32,23 @@ import ( "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/argoproj/argo-cd/v2/applicationset/generators" + "github.com/argoproj/argo-cd/v2/applicationset/generators/mocks" "github.com/argoproj/argo-cd/v2/applicationset/utils" + appsetmetrics "github.com/argoproj/argo-cd/v2/applicationset/metrics" + argocommon "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" - "github.com/argoproj/argo-cd/v2/util/collections" dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/argoproj/argo-cd/v2/pkg/apis/application" ) -type generatorMock struct { - mock.Mock -} - -func (g *generatorMock) GetTemplate(appSetGenerator *v1alpha1.ApplicationSetGenerator) *v1alpha1.ApplicationSetTemplate { - args := g.Called(appSetGenerator) - - return args.Get(0).(*v1alpha1.ApplicationSetTemplate) -} - -func (g *generatorMock) GenerateParams(appSetGenerator *v1alpha1.ApplicationSetGenerator, _ *v1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) { - args := g.Called(appSetGenerator) - - return args.Get(0).([]map[string]interface{}), args.Error(1) -} - -func (g *generatorMock) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { - args := g.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions) - - return args.Get(0).(string), args.Error(1) -} - -type rendererMock struct { - mock.Mock -} - -func (g *generatorMock) GetRequeueAfter(appSetGenerator *v1alpha1.ApplicationSetGenerator) time.Duration { - args := g.Called(appSetGenerator) - - return args.Get(0).(time.Duration) -} - -func (r *rendererMock) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*v1alpha1.Application, error) { - args := r.Called(tmpl, params, useGoTemplate, goTemplateOptions) - - if args.Error(1) != nil { - return nil, args.Error(1) - } - - return args.Get(0).(*v1alpha1.Application), args.Error(1) -} - -func (r *rendererMock) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { - args := r.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions) - - return args.Get(0).(string), args.Error(1) -} - -func TestExtractApplications(t *testing.T) { - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - - for _, c := range []struct { - name string - params []map[string]interface{} - template v1alpha1.ApplicationSetTemplate - generateParamsError error - rendererError error - expectErr bool - expectedReason v1alpha1.ApplicationSetReasonType - }{ - { - name: "Generate two applications", - params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}}, - template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "name", - Namespace: "namespace", - Labels: map[string]string{"label_name": "label_value"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - expectedReason: "", - }, - { - name: "Handles error from the generator", - generateParamsError: fmt.Errorf("error"), - expectErr: true, - expectedReason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - { - name: "Handles error from the render", - params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}}, - template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "name", - Namespace: "namespace", - Labels: map[string]string{"label_name": "label_value"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - rendererError: fmt.Errorf("error"), - expectErr: true, - expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError, - }, - } { - cc := c - app := v1alpha1.Application{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - }, - } - - t.Run(cc.name, func(t *testing.T) { - appSet := &v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "namespace", - }, - } - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(appSet).Build() - - generatorMock := generatorMock{} - generator := v1alpha1.ApplicationSetGenerator{ - List: &v1alpha1.ListGenerator{}, - } - - generatorMock.On("GenerateParams", &generator). - Return(cc.params, cc.generateParamsError) - - generatorMock.On("GetTemplate", &generator). - Return(&v1alpha1.ApplicationSetTemplate{}) - - rendererMock := rendererMock{} - - var expectedApps []v1alpha1.Application - - if cc.generateParamsError == nil { - for _, p := range cc.params { - if cc.rendererError != nil { - rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)). - Return(nil, cc.rendererError) - } else { - rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)). - Return(&app, nil) - expectedApps = append(expectedApps, app) - } - } - } - - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Recorder: record.NewFakeRecorder(1), - Generators: map[string]generators.Generator{ - "List": &generatorMock, - }, - Renderer: &rendererMock, - KubeClientset: kubefake.NewSimpleClientset(), - } - - got, reason, err := r.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "namespace", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{generator}, - Template: cc.template, - }, - }) - - if cc.expectErr { - require.Error(t, err) - } else { - require.NoError(t, err) - } - assert.Equal(t, expectedApps, got) - assert.Equal(t, cc.expectedReason, reason) - generatorMock.AssertNumberOfCalls(t, "GenerateParams", 1) - - if cc.generateParamsError == nil { - rendererMock.AssertNumberOfCalls(t, "RenderTemplateParams", len(cc.params)) - } - }) - } -} - -func TestMergeTemplateApplications(t *testing.T) { - scheme := runtime.NewScheme() - _ = v1alpha1.AddToScheme(scheme) - _ = v1alpha1.AddToScheme(scheme) - - client := fake.NewClientBuilder().WithScheme(scheme).Build() - - for _, c := range []struct { - name string - params []map[string]interface{} - template v1alpha1.ApplicationSetTemplate - overrideTemplate v1alpha1.ApplicationSetTemplate - expectedMerged v1alpha1.ApplicationSetTemplate - expectedApps []v1alpha1.Application - }{ - { - name: "Generate app", - params: []map[string]interface{}{{"name": "app1"}}, - template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "name", - Namespace: "namespace", - Labels: map[string]string{"label_name": "label_value"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - overrideTemplate: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "test", - Labels: map[string]string{"foo": "bar"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - expectedMerged: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "test", - Namespace: "namespace", - Labels: map[string]string{"label_name": "label_value", "foo": "bar"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - expectedApps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "test", - Labels: map[string]string{"foo": "bar"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - }, - }, - } { - cc := c - - t.Run(cc.name, func(t *testing.T) { - generatorMock := generatorMock{} - generator := v1alpha1.ApplicationSetGenerator{ - List: &v1alpha1.ListGenerator{}, - } - - generatorMock.On("GenerateParams", &generator). - Return(cc.params, nil) - - generatorMock.On("GetTemplate", &generator). - Return(&cc.overrideTemplate) - - rendererMock := rendererMock{} - - rendererMock.On("RenderTemplateParams", getTempApplication(cc.expectedMerged), cc.params[0], false, []string(nil)). - Return(&cc.expectedApps[0], nil) - - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Recorder: record.NewFakeRecorder(1), - Generators: map[string]generators.Generator{ - "List": &generatorMock, - }, - Renderer: &rendererMock, - KubeClientset: kubefake.NewSimpleClientset(), - } - - got, _, _ := r.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "namespace", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{generator}, - Template: cc.template, - }, - }, - ) - - assert.Equal(t, cc.expectedApps, got) - }) - } -} - func TestCreateOrUpdateInCluster(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - for _, c := range []struct { // name is human-readable test name name string @@ -356,8 +73,10 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, + Spec: v1alpha1.ApplicationSpec{Project: "default"}, }, }, expected: []v1alpha1.Application{ @@ -409,7 +128,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -467,7 +187,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app2", + Name: "app2", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -526,6 +247,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { { ObjectMeta: metav1.ObjectMeta{ Name: "app1", + Namespace: "namespace", Labels: map[string]string{"label-key": "label-value"}, Annotations: map[string]string{"annot-key": "annot-value"}, }, @@ -589,7 +311,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -655,7 +378,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -728,6 +452,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { { ObjectMeta: metav1.ObjectMeta{ Name: "app1", + Namespace: "namespace", Labels: map[string]string{"label-key": "label-value"}, Annotations: map[string]string{"annot-key": "annot-value"}, }, @@ -805,7 +530,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -874,7 +600,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -924,7 +651,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1002,7 +730,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1105,7 +834,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1206,7 +936,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1287,7 +1018,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1326,11 +1058,13 @@ func TestCreateOrUpdateInCluster(t *testing.T) { } client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(initObjs...).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(len(initObjs) + len(c.expected)), + Metrics: metrics, } err = r.createOrUpdateInCluster(context.TODO(), log.NewEntry(log.StandardLogger()), c.appSet, c.desiredApps) @@ -1355,9 +1089,6 @@ func TestRemoveFinalizerOnInvalidDestination_FinalizerTypes(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - for _, c := range []struct { // name is human-readable test name name string @@ -1435,12 +1166,14 @@ func TestRemoveFinalizerOnInvalidDestination_FinalizerTypes(t *testing.T) { objects := append([]runtime.Object{}, secret) kubeclientset := kubefake.NewSimpleClientset(objects...) + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(10), KubeClientset: kubeclientset, + Metrics: metrics, } // settingsMgr := settings.NewSettingsManager(context.TODO(), kubeclientset, "namespace") // argoDB := db.NewDB("namespace", settingsMgr, r.KubeClientset) @@ -1476,9 +1209,6 @@ func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - for _, c := range []struct { // name is human-readable test name name string @@ -1592,12 +1322,14 @@ func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { objects := append([]runtime.Object{}, secret) kubeclientset := kubefake.NewSimpleClientset(objects...) + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(10), KubeClientset: kubeclientset, + Metrics: metrics, } // settingsMgr := settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd") // argoDB := db.NewDB("argocd", settingsMgr, r.KubeClientset) @@ -1631,9 +1363,6 @@ func TestRemoveOwnerReferencesOnDeleteAppSet(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - for _, c := range []struct { // name is human-readable test name name string @@ -1679,12 +1408,14 @@ func TestRemoveOwnerReferencesOnDeleteAppSet(t *testing.T) { initObjs := []crtclient.Object{&app, &appSet} client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(initObjs...).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(10), KubeClientset: nil, + Metrics: metrics, } err = r.removeOwnerReferencesOnDeleteAppSet(context.Background(), appSet) @@ -1705,9 +1436,6 @@ func TestCreateApplications(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - testCases := []struct { name string appSet v1alpha1.ApplicationSet @@ -1727,7 +1455,8 @@ func TestCreateApplications(t *testing.T) { apps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, }, }, @@ -1782,7 +1511,8 @@ func TestCreateApplications(t *testing.T) { apps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", + Name: "app1", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1840,7 +1570,8 @@ func TestCreateApplications(t *testing.T) { apps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app2", + Name: "app2", + Namespace: "namespace", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1876,11 +1607,13 @@ func TestCreateApplications(t *testing.T) { } client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(initObjs...).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(len(initObjs) + len(c.expected)), + Metrics: metrics, } err = r.createInCluster(context.TODO(), log.NewEntry(log.StandardLogger()), c.appSet, c.apps) @@ -1906,8 +1639,6 @@ func TestDeleteInCluster(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) for _, c := range []struct { // appSet is the application set on which the delete function is called @@ -2018,12 +1749,14 @@ func TestDeleteInCluster(t *testing.T) { } client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(initObjs...).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(len(initObjs) + len(c.expected)), KubeClientset: kubefake.NewSimpleClientset(), + Metrics: metrics, } err = r.deleteInCluster(context.TODO(), log.NewEntry(log.StandardLogger()), c.appSet, c.desiredApps) @@ -2060,10 +1793,9 @@ func TestGetMinRequeueAfter(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) client := fake.NewClientBuilder().WithScheme(scheme).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) generator := v1alpha1.ApplicationSetGenerator{ List: &v1alpha1.ListGenerator{}, @@ -2071,15 +1803,15 @@ func TestGetMinRequeueAfter(t *testing.T) { Clusters: &v1alpha1.ClusterGenerator{}, } - generatorMock0 := generatorMock{} + generatorMock0 := mocks.Generator{} generatorMock0.On("GetRequeueAfter", &generator). Return(generators.NoRequeueAfter) - generatorMock1 := generatorMock{} + generatorMock1 := mocks.Generator{} generatorMock1.On("GetRequeueAfter", &generator). Return(time.Duration(1) * time.Second) - generatorMock10 := generatorMock{} + generatorMock10 := mocks.Generator{} generatorMock10.On("GetRequeueAfter", &generator). Return(time.Duration(10) * time.Second) @@ -2087,6 +1819,7 @@ func TestGetMinRequeueAfter(t *testing.T) { Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(0), + Metrics: metrics, Generators: map[string]generators.Generator{ "List": &generatorMock10, "Git": &generatorMock1, @@ -2107,8 +1840,6 @@ func TestRequeueGeneratorFails(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) appSet := v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -2133,6 +1864,8 @@ func TestRequeueGeneratorFails(t *testing.T) { generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything). Return([]map[string]interface{}{}, fmt.Errorf("Simulated error generating params that could be related to an external service/API call")) + metrics := appsetmetrics.NewFakeAppsetMetrics(client) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, @@ -2140,6 +1873,7 @@ func TestRequeueGeneratorFails(t *testing.T) { Generators: map[string]generators.Generator{ "PullRequest": &generatorMock, }, + Metrics: metrics, } req := ctrl.Request{ @@ -2159,17 +1893,6 @@ func TestValidateGeneratedApplications(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - - client := fake.NewClientBuilder().WithScheme(scheme).Build() - - // Valid cluster - myCluster := v1alpha1.Cluster{ - Server: "https://kubernetes.default.svc", - Name: "my-cluster", - } - // Valid project myProject := &v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "namespace"}, @@ -2190,6 +1913,9 @@ func TestValidateGeneratedApplications(t *testing.T) { }, } + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(myProject).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) + // Test a subset of the validations that 'validateGeneratedApplications' performs for _, cc := range []struct { name string @@ -2333,12 +2059,6 @@ func TestValidateGeneratedApplications(t *testing.T) { objects := append([]runtime.Object{}, secret) kubeclientset := kubefake.NewSimpleClientset(objects...) - argoDBMock := dbmocks.ArgoDB{} - argoDBMock.On("GetCluster", mock.Anything, "https://kubernetes.default.svc").Return(&myCluster, nil) - argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ - myCluster, - }}, nil) - argoObjs := []runtime.Object{myProject} for _, app := range cc.apps { argoObjs = append(argoObjs, &app) @@ -2349,10 +2069,11 @@ func TestValidateGeneratedApplications(t *testing.T) { Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoCDNamespace: "namespace", ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, + Metrics: metrics, } appSetInfo := v1alpha1.ApplicationSet{} @@ -2394,8 +2115,6 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) project := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "good-project", Namespace: "argocd"}, @@ -2433,17 +2152,10 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { } kubeclientset := kubefake.NewSimpleClientset() - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&project} client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() - goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} - badCluster := v1alpha1.Cluster{Server: "https://bad-cluster", Name: "bad-cluster"} - argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) - argoDBMock.On("GetCluster", mock.Anything, "https://bad-cluster").Return(&badCluster, nil) - argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ - goodCluster, - }}, nil) + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, @@ -2453,11 +2165,12 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, Policy: v1alpha1.ApplicationsSyncPolicySync, ArgoCDNamespace: "argocd", + Metrics: metrics, } req := ctrl.Request{ @@ -2488,64 +2201,185 @@ func TestSetApplicationSetStatusCondition(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - appSet := v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{ - {List: &v1alpha1.ListGenerator{ - Elements: []apiextensionsv1.JSON{{ - Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), - }}, - }}, + testCases := []struct { + appset v1alpha1.ApplicationSet + conditions []v1alpha1.ApplicationSetCondition + testfunc func(t *testing.T, appset v1alpha1.ApplicationSet) + }{ + { + appset: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }}, + }, + Template: v1alpha1.ApplicationSetTemplate{}, + }, + }, + conditions: []v1alpha1.ApplicationSetCondition{ + { + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, + Message: "All applications have been generated successfully", + Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, + Status: v1alpha1.ApplicationSetConditionStatusTrue, + }, + }, + testfunc: func(t *testing.T, appset v1alpha1.ApplicationSet) { + assert.Len(t, appset.Status.Conditions, 3) }, - Template: v1alpha1.ApplicationSetTemplate{}, }, - } - - appCondition := v1alpha1.ApplicationSetCondition{ - Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, - Message: "All applications have been generated successfully", - Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, - Status: v1alpha1.ApplicationSetConditionStatusTrue, - } - - kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} - argoObjs := []runtime.Object{} + { + appset: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }}, + }, + Template: v1alpha1.ApplicationSetTemplate{}, + }, + }, + conditions: []v1alpha1.ApplicationSetCondition{ + { + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, + Message: "All applications have been generated successfully", + Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, + Status: v1alpha1.ApplicationSetConditionStatusTrue, + }, + { + Type: v1alpha1.ApplicationSetConditionRolloutProgressing, + Message: "ApplicationSet Rollout Rollout started", + Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, + Status: v1alpha1.ApplicationSetConditionStatusTrue, + }, + }, + testfunc: func(t *testing.T, appset v1alpha1.ApplicationSet) { + assert.Len(t, appset.Status.Conditions, 3) - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + isProgressingCondition := false - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Renderer: &utils.Render{}, - Recorder: record.NewFakeRecorder(1), - Generators: map[string]generators.Generator{ - "List": generators.NewListGenerator(), + for _, condition := range appset.Status.Conditions { + if condition.Type == v1alpha1.ApplicationSetConditionRolloutProgressing { + isProgressingCondition = true + break + } + } + + assert.False(t, isProgressingCondition, "no RolloutProgressing should be set for applicationsets that don't have rolling strategy") + }, + }, + { + appset: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), + }}, + }}, + }, + Template: v1alpha1.ApplicationSetTemplate{}, + Strategy: &v1alpha1.ApplicationSetStrategy{ + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{ + { + Key: "test", + Operator: "In", + Values: []string{"test"}, + }, + }, + }, + }, + }, + }, + }, + }, + conditions: []v1alpha1.ApplicationSetCondition{ + { + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, + Message: "All applications have been generated successfully", + Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, + Status: v1alpha1.ApplicationSetConditionStatusTrue, + }, + { + Type: v1alpha1.ApplicationSetConditionRolloutProgressing, + Message: "ApplicationSet Rollout Rollout started", + Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, + Status: v1alpha1.ApplicationSetConditionStatusTrue, + }, + }, + testfunc: func(t *testing.T, appset v1alpha1.ApplicationSet) { + assert.Len(t, appset.Status.Conditions, 4) + + isProgressingCondition := false + + for _, condition := range appset.Status.Conditions { + if condition.Type == v1alpha1.ApplicationSetConditionRolloutProgressing { + isProgressingCondition = true + break + } + } + + assert.True(t, isProgressingCondition, "RolloutProgressing should be set for rollout strategy appset") + }, }, - ArgoDB: &argoDBMock, - ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), - KubeClientset: kubeclientset, } - err = r.setApplicationSetStatusCondition(context.TODO(), &appSet, appCondition, true) - require.NoError(t, err) + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) + argoObjs := []runtime.Object{} - assert.Len(t, appSet.Status.Conditions, 3) + for _, testCase := range testCases { + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&testCase.appset).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).WithStatusSubresource(&testCase.appset).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) + + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Renderer: &utils.Render{}, + Recorder: record.NewFakeRecorder(1), + Generators: map[string]generators.Generator{ + "List": generators.NewListGenerator(), + }, + ArgoDB: &dbmocks.ArgoDB{}, + ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), + KubeClientset: kubeclientset, + Metrics: metrics, + } + + for _, condition := range testCase.conditions { + err = r.setApplicationSetStatusCondition(context.TODO(), &testCase.appset, condition, true) + require.NoError(t, err) + } + + testCase.testfunc(t, testCase.appset) + } } func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alpha1.ApplicationsSyncPolicy, recordBuffer int, allowPolicyOverride bool) v1alpha1.Application { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) defaultProject := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, @@ -2583,16 +2417,30 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp }, } - kubeclientset := kubefake.NewSimpleClientset() - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&defaultProject} + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "argocd", + Labels: map[string]string{ + argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster, + }, + }, + Data: map[string][]byte{ + // Since this test requires the cluster to be an invalid destination, we + // always return a cluster named 'my-cluster2' (different from app 'my-cluster', above) + "name": []byte("good-cluster"), + "server": []byte("https://good-cluster"), + "config": []byte("{\"username\":\"foo\",\"password\":\"foo\"}"), + }, + } + + objects := append([]runtime.Object{}, secret) + kubeclientset := kubefake.NewSimpleClientset(objects...) + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() - goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} - argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) - argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ - goodCluster, - }}, nil) + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, @@ -2602,12 +2450,13 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoCDNamespace: "argocd", ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, Policy: v1alpha1.ApplicationsSyncPolicySync, EnablePolicyOverride: allowPolicyOverride, + Metrics: metrics, } req := ctrl.Request{ @@ -2707,8 +2556,6 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) defaultProject := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, @@ -2746,16 +2593,30 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp }, } - kubeclientset := kubefake.NewSimpleClientset() - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&defaultProject} + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "argocd", + Labels: map[string]string{ + argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster, + }, + }, + Data: map[string][]byte{ + // Since this test requires the cluster to be an invalid destination, we + // always return a cluster named 'my-cluster2' (different from app 'my-cluster', above) + "name": []byte("good-cluster"), + "server": []byte("https://good-cluster"), + "config": []byte("{\"username\":\"foo\",\"password\":\"foo\"}"), + }, + } + + objects := append([]runtime.Object{}, secret) + kubeclientset := kubefake.NewSimpleClientset(objects...) + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() - goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} - argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) - argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ - goodCluster, - }}, nil) + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, @@ -2765,12 +2626,13 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoCDNamespace: "argocd", ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, Policy: v1alpha1.ApplicationsSyncPolicySync, EnablePolicyOverride: allowPolicyOverride, + Metrics: metrics, } req := ctrl.Request{ @@ -2840,7 +2702,7 @@ func TestDeletePerformedWithSyncPolicyCreateDelete(t *testing.T) { apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, true) - assert.Empty(t, apps.Items) + assert.NotNil(t, apps.Items[0].DeletionTimestamp) } func TestDeletePerformedWithSyncPolicySync(t *testing.T) { @@ -2848,7 +2710,7 @@ func TestDeletePerformedWithSyncPolicySync(t *testing.T) { apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, true) - assert.Empty(t, apps.Items) + assert.NotNil(t, apps.Items[0].DeletionTimestamp) } func TestDeletePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *testing.T) { @@ -2856,120 +2718,7 @@ func TestDeletePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *t apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, false) - assert.Empty(t, apps.Items) -} - -// Test app generation from a go template application set using a pull request generator -func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) { - scheme := runtime.NewScheme() - client := fake.NewClientBuilder().WithScheme(scheme).Build() - - for _, cases := range []struct { - name string - params []map[string]interface{} - template v1alpha1.ApplicationSetTemplate - expectedApp []v1alpha1.Application - }{ - { - name: "Generate an application from a go template application set manifest using a pull request generator", - params: []map[string]interface{}{ - { - "number": "1", - "branch": "branch1", - "branch_slug": "branchSlug1", - "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", - "head_short_sha": "089d92cb", - "branch_slugify_default": "feat/a_really+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", - "branch_slugify_smarttruncate_disabled": "feat/areallylongpullrequestnametotestargoslugificationandbranchnameshorteningfeature", - "branch_slugify_smarttruncate_enabled": "feat/testwithsmarttruncateenabledramdomlonglistofcharacters", - "labels": []string{"label1"}, - }, - }, - template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "AppSet-{{.branch}}-{{.number}}", - Labels: map[string]string{ - "app1": "{{index .labels 0}}", - "branch-test1": "AppSet-{{.branch_slugify_default | slugify }}", - "branch-test2": "AppSet-{{.branch_slugify_smarttruncate_disabled | slugify 49 false }}", - "branch-test3": "AppSet-{{.branch_slugify_smarttruncate_enabled | slugify 50 true }}", - }, - }, - Spec: v1alpha1.ApplicationSpec{ - Source: &v1alpha1.ApplicationSource{ - RepoURL: "https://testurl/testRepo", - TargetRevision: "{{.head_short_sha}}", - }, - Destination: v1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "AppSet-{{.branch_slug}}-{{.head_sha}}", - }, - }, - }, - expectedApp: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "AppSet-branch1-1", - Labels: map[string]string{ - "app1": "label1", - "branch-test1": "AppSet-feat-a-really-long-pull-request-name-to-test-argo", - "branch-test2": "AppSet-feat-areallylongpullrequestnametotestargoslugific", - "branch-test3": "AppSet-feat", - }, - }, - Spec: v1alpha1.ApplicationSpec{ - Source: &v1alpha1.ApplicationSource{ - RepoURL: "https://testurl/testRepo", - TargetRevision: "089d92cb", - }, - Destination: v1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "AppSet-branchSlug1-089d92cbf9ff857a39e6feccd32798ca700fb958", - }, - }, - }, - }, - }, - } { - t.Run(cases.name, func(t *testing.T) { - generatorMock := generatorMock{} - generator := v1alpha1.ApplicationSetGenerator{ - PullRequest: &v1alpha1.PullRequestGenerator{}, - } - - generatorMock.On("GenerateParams", &generator). - Return(cases.params, nil) - - generatorMock.On("GetTemplate", &generator). - Return(&cases.template, nil) - - appSetReconciler := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Recorder: record.NewFakeRecorder(1), - Generators: map[string]generators.Generator{ - "PullRequest": &generatorMock, - }, - Renderer: &utils.Render{}, - KubeClientset: kubefake.NewSimpleClientset(), - } - - gotApp, _, _ := appSetReconciler.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ - Spec: v1alpha1.ApplicationSetSpec{ - GoTemplate: true, - Generators: []v1alpha1.ApplicationSetGenerator{{ - PullRequest: &v1alpha1.PullRequestGenerator{}, - }}, - Template: cases.template, - }, - }, - ) - assert.EqualValues(t, cases.expectedApp[0].ObjectMeta.Name, gotApp[0].ObjectMeta.Name) - assert.EqualValues(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision) - assert.EqualValues(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace) - assert.True(t, collections.StringMapsEqual(cases.expectedApp[0].ObjectMeta.Labels, gotApp[0].ObjectMeta.Labels)) - }) - } + assert.NotNil(t, apps.Items[0].DeletionTimestamp) } func TestPolicies(t *testing.T) { @@ -2977,21 +2726,12 @@ func TestPolicies(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - defaultProject := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, Spec: v1alpha1.AppProjectSpec{SourceRepos: []string{"*"}, Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "https://kubernetes.default.svc"}}}, } - myCluster := v1alpha1.Cluster{ - Server: "https://kubernetes.default.svc", - Name: "my-cluster", - } kubeclientset := kubefake.NewSimpleClientset() - argoDBMock := dbmocks.ArgoDB{} - argoDBMock.On("GetCluster", mock.Anything, "https://kubernetes.default.svc").Return(&myCluster, nil) argoObjs := []runtime.Object{&defaultProject} for _, c := range []struct { @@ -3065,6 +2805,7 @@ func TestPolicies(t *testing.T) { } client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, @@ -3074,11 +2815,12 @@ func TestPolicies(t *testing.T) { Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoCDNamespace: "argocd", ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, Policy: policy, + Metrics: metrics, } req := ctrl.Request{ @@ -3146,11 +2888,8 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} for _, cc := range []struct { @@ -3225,6 +2964,7 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, @@ -3234,9 +2974,10 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, + Metrics: metrics, } err = r.setAppSetApplicationStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.appStatuses) @@ -3252,10 +2993,8 @@ func TestBuildAppDependencyList(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - client := fake.NewClientBuilder().WithScheme(scheme).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) for _, cc := range []struct { name string @@ -3985,7 +3724,6 @@ func TestBuildAppDependencyList(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} r := ApplicationSetReconciler{ @@ -3993,13 +3731,13 @@ func TestBuildAppDependencyList(t *testing.T) { Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, + Metrics: metrics, } - appDependencyList, appStepMap, err := r.buildAppDependencyList(log.NewEntry(log.StandardLogger()), cc.appSet, cc.apps) - require.NoError(t, err, "expected no errors, but errors occurred") + appDependencyList, appStepMap := r.buildAppDependencyList(log.NewEntry(log.StandardLogger()), cc.appSet, cc.apps) assert.Equal(t, cc.expectedList, appDependencyList, "expected appDependencyList did not match actual") assert.Equal(t, cc.expectedStepMap, appStepMap, "expected appStepMap did not match actual") }) @@ -4011,10 +3749,8 @@ func TestBuildAppSyncMap(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - client := fake.NewClientBuilder().WithScheme(scheme).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) for _, cc := range []struct { name string @@ -4032,8 +3768,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, }, @@ -4049,8 +3794,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, }, @@ -4072,8 +3826,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, }, @@ -4095,8 +3858,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4164,8 +3936,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4233,8 +4014,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4302,8 +4092,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4371,8 +4170,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4440,8 +4248,17 @@ func TestBuildAppSyncMap(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4575,7 +4392,6 @@ func TestBuildAppSyncMap(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} r := ApplicationSetReconciler{ @@ -4583,13 +4399,13 @@ func TestBuildAppSyncMap(t *testing.T) { Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, + Metrics: metrics, } - appSyncMap, err := r.buildAppSyncMap(context.TODO(), cc.appSet, cc.appDependencyList, cc.appMap) - require.NoError(t, err, "expected no errors, but errors occurred") + appSyncMap := r.buildAppSyncMap(cc.appSet, cc.appDependencyList, cc.appMap) assert.Equal(t, cc.expectedMap, appSyncMap, "expected appSyncMap did not match actual") }) } @@ -4600,9 +4416,6 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - for _, cc := range []struct { name string appSet v1alpha1.ApplicationSet @@ -4619,8 +4432,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, }, @@ -4636,8 +4458,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, }, @@ -4659,6 +4490,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -4678,8 +4512,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{}, @@ -4702,6 +4545,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -4721,8 +4567,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4754,6 +4609,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -4773,8 +4631,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4820,6 +4687,10 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + "app2-multisource": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -4846,8 +4717,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4874,6 +4754,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -4893,8 +4776,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4927,6 +4819,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -4946,8 +4841,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -4980,6 +4884,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -4999,8 +4906,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -5033,6 +4949,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -5052,8 +4971,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, }, @@ -5102,8 +5030,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -5152,6 +5089,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -5171,8 +5111,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -5221,6 +5170,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -5240,8 +5192,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -5289,6 +5250,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -5308,8 +5272,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Strategy: &v1alpha1.ApplicationSetStrategy{ - Type: "RollingSync", - RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{}, + Type: "RollingSync", + RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{ + Steps: []v1alpha1.ApplicationSetRolloutStep{ + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + { + MatchExpressions: []v1alpha1.ApplicationMatchExpression{}, + }, + }, + }, }, }, Status: v1alpha1.ApplicationSetStatus{ @@ -5349,6 +5322,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, }, + appStepMap: map[string]int{ + "app1": 0, + }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { Application: "app1", @@ -5362,19 +5338,20 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, + Metrics: metrics, } appStatuses, err := r.updateApplicationSetApplicationStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps, cc.appStepMap) @@ -5395,9 +5372,6 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - for _, cc := range []struct { name string appSet v1alpha1.ApplicationSet @@ -6114,22 +6088,23 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, + Metrics: metrics, } - appStatuses, err := r.updateApplicationSetApplicationStatusProgress(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.appSyncMap, cc.appStepMap, cc.appMap) + appStatuses, err := r.updateApplicationSetApplicationStatusProgress(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.appSyncMap, cc.appStepMap) // opt out of testing the LastTransitionTime is accurate for i := range appStatuses { @@ -6147,9 +6122,6 @@ func TestUpdateResourceStatus(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - for _, cc := range []struct { name string appSet v1alpha1.ApplicationSet @@ -6328,24 +6300,120 @@ func TestUpdateResourceStatus(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} client := fake.NewClientBuilder().WithScheme(scheme).WithStatusSubresource(&cc.appSet).WithObjects(&cc.appSet).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) + + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Recorder: record.NewFakeRecorder(1), + Generators: map[string]generators.Generator{}, + ArgoDB: &dbmocks.ArgoDB{}, + ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), + KubeClientset: kubeclientset, + Metrics: metrics, + } + + err := r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps) + + require.NoError(t, err, "expected no errors, but errors occurred") + assert.Equal(t, cc.expectedResources, cc.appSet.Status.Resources, "expected resources did not match actual") + }) + } +} + +func generateNAppResourceStatuses(n int) []v1alpha1.ResourceStatus { + var r []v1alpha1.ResourceStatus + for i := 0; i < n; i++ { + r = append(r, v1alpha1.ResourceStatus{ + Name: "app" + strconv.Itoa(i), + Status: v1alpha1.SyncStatusCodeSynced, + Health: &v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + ) + } + return r +} + +func generateNHealthyApps(n int) []v1alpha1.Application { + var r []v1alpha1.Application + for i := 0; i < n; i++ { + r = append(r, v1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Name: "app" + strconv.Itoa(i), + }, + Status: v1alpha1.ApplicationStatus{ + Sync: v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + }, + Health: v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }) + } + return r +} + +func TestResourceStatusAreOrdered(t *testing.T) { + scheme := runtime.NewScheme() + err := v1alpha1.AddToScheme(scheme) + require.NoError(t, err) + + for _, cc := range []struct { + name string + appSet v1alpha1.ApplicationSet + apps []v1alpha1.Application + expectedResources []v1alpha1.ResourceStatus + }{ + { + name: "Ensures AppSet is always ordered", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Status: v1alpha1.ApplicationSetStatus{ + Resources: []v1alpha1.ResourceStatus{}, + }, + }, + apps: generateNHealthyApps(10), + expectedResources: generateNAppResourceStatuses(10), + }, + } { + t.Run(cc.name, func(t *testing.T) { + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) + argoObjs := []runtime.Object{} + + client := fake.NewClientBuilder().WithScheme(scheme).WithStatusSubresource(&cc.appSet).WithObjects(&cc.appSet).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: &dbmocks.ArgoDB{}, ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), KubeClientset: kubeclientset, + Metrics: metrics, } err := r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps) + require.NoError(t, err, "expected no errors, but errors occurred") + + err = r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps) + require.NoError(t, err, "expected no errors, but errors occurred") + err = r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps) require.NoError(t, err, "expected no errors, but errors occurred") + assert.Equal(t, cc.expectedResources, cc.appSet.Status.Resources, "expected resources did not match actual") }) } @@ -6548,9 +6616,6 @@ func TestMigrateStatus(t *testing.T) { err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - for _, tc := range []struct { name string appset v1alpha1.ApplicationSet diff --git a/applicationset/controllers/clustereventhandler.go b/applicationset/controllers/clustereventhandler.go index 04ee140d2cde7..66fdebca66a21 100644 --- a/applicationset/controllers/clustereventhandler.go +++ b/applicationset/controllers/clustereventhandler.go @@ -4,6 +4,8 @@ import ( "context" "fmt" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + log "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/types" @@ -24,29 +26,29 @@ type clusterSecretEventHandler struct { Client client.Client } -func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.RateLimitingInterface) { +func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) { h.queueRelatedAppGenerators(ctx, q, e.Object) } -func (h *clusterSecretEventHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.RateLimitingInterface) { +func (h *clusterSecretEventHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) { h.queueRelatedAppGenerators(ctx, q, e.ObjectNew) } -func (h *clusterSecretEventHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.RateLimitingInterface) { +func (h *clusterSecretEventHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) { h.queueRelatedAppGenerators(ctx, q, e.Object) } -func (h *clusterSecretEventHandler) Generic(ctx context.Context, e event.GenericEvent, q workqueue.RateLimitingInterface) { +func (h *clusterSecretEventHandler) Generic(ctx context.Context, e event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) { h.queueRelatedAppGenerators(ctx, q, e.Object) } // addRateLimitingInterface defines the Add method of workqueue.RateLimitingInterface, allow us to easily mock // it for testing purposes. -type addRateLimitingInterface interface { - Add(item interface{}) +type addRateLimitingInterface[T comparable] interface { + Add(item T) } -func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Context, q addRateLimitingInterface, object client.Object) { +func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Context, q addRateLimitingInterface[reconcile.Request], object client.Object) { // Check for label, lookup all ApplicationSets that might match the cluster, queue them all if object.GetLabels()[generators.ArgoCDSecretTypeLabel] != generators.ArgoCDSecretTypeCluster { return diff --git a/applicationset/controllers/clustereventhandler_test.go b/applicationset/controllers/clustereventhandler_test.go index 15ce757954db2..1f73ab36746f2 100644 --- a/applicationset/controllers/clustereventhandler_test.go +++ b/applicationset/controllers/clustereventhandler_test.go @@ -551,24 +551,18 @@ func TestClusterEventHandler(t *testing.T) { handler.queueRelatedAppGenerators(context.Background(), &mockAddRateLimitingInterface, &test.secret) - assert.False(t, mockAddRateLimitingInterface.errorOccurred) assert.ElementsMatch(t, mockAddRateLimitingInterface.addedItems, test.expectedRequests) }) } } // Add checks the type, and adds it to the internal list of received additions -func (obj *mockAddRateLimitingInterface) Add(item interface{}) { - if req, ok := item.(ctrl.Request); ok { - obj.addedItems = append(obj.addedItems, req) - } else { - obj.errorOccurred = true - } +func (obj *mockAddRateLimitingInterface) Add(item reconcile.Request) { + obj.addedItems = append(obj.addedItems, item) } type mockAddRateLimitingInterface struct { - errorOccurred bool - addedItems []ctrl.Request + addedItems []reconcile.Request } func TestNestedGeneratorHasClusterGenerator_NestedClusterGenerator(t *testing.T) { diff --git a/applicationset/controllers/requeue_after_test.go b/applicationset/controllers/requeue_after_test.go index 21bc3dbefafb5..fd922f53566a5 100644 --- a/applicationset/controllers/requeue_after_test.go +++ b/applicationset/controllers/requeue_after_test.go @@ -17,6 +17,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/fake" "github.com/argoproj/argo-cd/v2/applicationset/generators" + appsetmetrics "github.com/argoproj/argo-cd/v2/applicationset/metrics" "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -56,14 +57,14 @@ func TestRequeueAfter(t *testing.T) { }, } fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, duckType) - + scmConfig := generators.NewSCMConfig("", []string{""}, true, nil) terminalGenerators := map[string]generators.Generator{ "List": generators.NewListGenerator(), "Clusters": generators.NewClusterGenerator(k8sClient, ctx, appClientset, "argocd"), "Git": generators.NewGitGenerator(mockServer, "namespace"), - "SCMProvider": generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), generators.SCMAuthProviders{}, "", []string{""}, true), + "SCMProvider": generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), scmConfig), "ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"), - "PullRequest": generators.NewPullRequestGenerator(k8sClient, generators.SCMAuthProviders{}, "", []string{""}, true), + "PullRequest": generators.NewPullRequestGenerator(k8sClient, scmConfig), } nestedGenerators := map[string]generators.Generator{ @@ -89,11 +90,13 @@ func TestRequeueAfter(t *testing.T) { } client := fake.NewClientBuilder().WithScheme(scheme).Build() + metrics := appsetmetrics.NewFakeAppsetMetrics(client) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(0), Generators: topLevelGenerators, + Metrics: metrics, } type args struct { diff --git a/applicationset/controllers/templatePatch.go b/applicationset/controllers/template/patch.go similarity index 98% rename from applicationset/controllers/templatePatch.go rename to applicationset/controllers/template/patch.go index 39058ac187022..b9d1166f1f237 100644 --- a/applicationset/controllers/templatePatch.go +++ b/applicationset/controllers/template/patch.go @@ -1,4 +1,4 @@ -package controllers +package template import ( "encoding/json" diff --git a/applicationset/controllers/templatePatch_test.go b/applicationset/controllers/template/patch_test.go similarity index 99% rename from applicationset/controllers/templatePatch_test.go rename to applicationset/controllers/template/patch_test.go index c1a794077c8ee..456fe445994c8 100644 --- a/applicationset/controllers/templatePatch_test.go +++ b/applicationset/controllers/template/patch_test.go @@ -1,4 +1,4 @@ -package controllers +package template import ( "testing" diff --git a/applicationset/controllers/template/template.go b/applicationset/controllers/template/template.go new file mode 100644 index 0000000000000..bb4bc155d4e59 --- /dev/null +++ b/applicationset/controllers/template/template.go @@ -0,0 +1,99 @@ +package template + +import ( + "fmt" + + "sigs.k8s.io/controller-runtime/pkg/client" + + log "github.com/sirupsen/logrus" + + "github.com/argoproj/argo-cd/v2/applicationset/generators" + "github.com/argoproj/argo-cd/v2/applicationset/utils" + + argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet, g map[string]generators.Generator, renderer utils.Renderer, client client.Client) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) { + var res []argov1alpha1.Application + + var firstError error + var applicationSetReason argov1alpha1.ApplicationSetReasonType + + for _, requestedGenerator := range applicationSetInfo.Spec.Generators { + t, err := generators.Transform(requestedGenerator, g, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]interface{}{}, client) + if err != nil { + logCtx.WithError(err).WithField("generator", requestedGenerator). + Error("error generating application from params") + if firstError == nil { + firstError = err + applicationSetReason = argov1alpha1.ApplicationSetReasonApplicationParamsGenerationError + } + continue + } + + for _, a := range t { + tmplApplication := GetTempApplication(a.Template) + + for _, p := range a.Params { + app, err := renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) + if err != nil { + logCtx.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). + Error("error generating application from params") + + if firstError == nil { + firstError = err + applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError + } + continue + } + + if applicationSetInfo.Spec.TemplatePatch != nil { + patchedApplication, err := renderTemplatePatch(renderer, app, applicationSetInfo, p) + if err != nil { + log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). + Error("error generating application from params") + + if firstError == nil { + firstError = err + applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError + } + continue + } + + app = patchedApplication + } + + // The app's namespace must be the same as the AppSet's namespace to preserve the appsets-in-any-namespace + // security boundary. + app.Namespace = applicationSetInfo.Namespace + res = append(res, *app) + } + } + + logCtx.WithField("generator", requestedGenerator).Infof("generated %d applications", len(res)) + logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res) + } + + return res, applicationSetReason, firstError +} + +func renderTemplatePatch(r utils.Renderer, app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]interface{}) (*argov1alpha1.Application, error) { + replacedTemplate, err := r.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) + if err != nil { + return nil, fmt.Errorf("error replacing values in templatePatch: %w", err) + } + + return applyTemplatePatch(app, replacedTemplate) +} + +func GetTempApplication(applicationSetTemplate argov1alpha1.ApplicationSetTemplate) *argov1alpha1.Application { + var tmplApplication argov1alpha1.Application + tmplApplication.Annotations = applicationSetTemplate.Annotations + tmplApplication.Labels = applicationSetTemplate.Labels + tmplApplication.Namespace = applicationSetTemplate.Namespace + tmplApplication.Name = applicationSetTemplate.Name + tmplApplication.Spec = applicationSetTemplate.Spec + tmplApplication.Finalizers = applicationSetTemplate.Finalizers + + return &tmplApplication +} diff --git a/applicationset/controllers/template/template_test.go b/applicationset/controllers/template/template_test.go new file mode 100644 index 0000000000000..c765e9c1c67a4 --- /dev/null +++ b/applicationset/controllers/template/template_test.go @@ -0,0 +1,350 @@ +package template + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + + log "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + + "github.com/argoproj/argo-cd/v2/applicationset/generators" + genmock "github.com/argoproj/argo-cd/v2/applicationset/generators/mocks" + "github.com/argoproj/argo-cd/v2/applicationset/utils" + rendmock "github.com/argoproj/argo-cd/v2/applicationset/utils/mocks" + "github.com/argoproj/argo-cd/v2/pkg/apis/application" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/collections" +) + +func TestGenerateApplications(t *testing.T) { + scheme := runtime.NewScheme() + err := v1alpha1.AddToScheme(scheme) + require.NoError(t, err) + + err = v1alpha1.AddToScheme(scheme) + require.NoError(t, err) + + for _, c := range []struct { + name string + params []map[string]interface{} + template v1alpha1.ApplicationSetTemplate + generateParamsError error + rendererError error + expectErr bool + expectedReason v1alpha1.ApplicationSetReasonType + }{ + { + name: "Generate two applications", + params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}}, + template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "name", + Namespace: "namespace", + Labels: map[string]string{"label_name": "label_value"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + expectedReason: "", + }, + { + name: "Handles error from the generator", + generateParamsError: fmt.Errorf("error"), + expectErr: true, + expectedReason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, + }, + { + name: "Handles error from the render", + params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}}, + template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "name", + Namespace: "namespace", + Labels: map[string]string{"label_name": "label_value"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + rendererError: fmt.Errorf("error"), + expectErr: true, + expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError, + }, + } { + cc := c + app := v1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "namespace", + }, + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + } + + t.Run(cc.name, func(t *testing.T) { + generatorMock := genmock.Generator{} + generator := v1alpha1.ApplicationSetGenerator{ + List: &v1alpha1.ListGenerator{}, + } + + generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything). + Return(cc.params, cc.generateParamsError) + + generatorMock.On("GetTemplate", &generator). + Return(&v1alpha1.ApplicationSetTemplate{}) + + rendererMock := rendmock.Renderer{} + + var expectedApps []v1alpha1.Application + + if cc.generateParamsError == nil { + for _, p := range cc.params { + if cc.rendererError != nil { + rendererMock.On("RenderTemplateParams", GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)). + Return(nil, cc.rendererError) + } else { + rendererMock.On("RenderTemplateParams", GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)). + Return(&app, nil) + expectedApps = append(expectedApps, app) + } + } + } + + generators := map[string]generators.Generator{ + "List": &generatorMock, + } + renderer := &rendererMock + + got, reason, err := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{generator}, + Template: cc.template, + }, + }, + generators, + renderer, + nil, + ) + + if cc.expectErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + assert.Equal(t, expectedApps, got) + assert.Equal(t, cc.expectedReason, reason) + generatorMock.AssertNumberOfCalls(t, "GenerateParams", 1) + + if cc.generateParamsError == nil { + rendererMock.AssertNumberOfCalls(t, "RenderTemplateParams", len(cc.params)) + } + }) + } +} + +func TestMergeTemplateApplications(t *testing.T) { + for _, c := range []struct { + name string + params []map[string]interface{} + template v1alpha1.ApplicationSetTemplate + overrideTemplate v1alpha1.ApplicationSetTemplate + expectedMerged v1alpha1.ApplicationSetTemplate + expectedApps []v1alpha1.Application + }{ + { + name: "Generate app", + params: []map[string]interface{}{{"name": "app1"}}, + template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "name", + Namespace: "namespace", + Labels: map[string]string{"label_name": "label_value"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + overrideTemplate: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "test", + Labels: map[string]string{"foo": "bar"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + expectedMerged: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "test", + Namespace: "namespace", + Labels: map[string]string{"label_name": "label_value", "foo": "bar"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + expectedApps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "test", + Labels: map[string]string{"foo": "bar"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + }, + }, + } { + cc := c + + t.Run(cc.name, func(t *testing.T) { + generatorMock := genmock.Generator{} + generator := v1alpha1.ApplicationSetGenerator{ + List: &v1alpha1.ListGenerator{}, + } + + generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything). + Return(cc.params, nil) + + generatorMock.On("GetTemplate", &generator). + Return(&cc.overrideTemplate) + + rendererMock := rendmock.Renderer{} + + rendererMock.On("RenderTemplateParams", GetTempApplication(cc.expectedMerged), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), cc.params[0], false, []string(nil)). + Return(&cc.expectedApps[0], nil) + + generators := map[string]generators.Generator{ + "List": &generatorMock, + } + renderer := &rendererMock + + got, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{generator}, + Template: cc.template, + }, + }, + generators, + renderer, + nil, + ) + + assert.Equal(t, cc.expectedApps, got) + }) + } +} + +// Test app generation from a go template application set using a pull request generator +func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) { + for _, cases := range []struct { + name string + params []map[string]interface{} + template v1alpha1.ApplicationSetTemplate + expectedApp []v1alpha1.Application + }{ + { + name: "Generate an application from a go template application set manifest using a pull request generator", + params: []map[string]interface{}{ + { + "number": "1", + "title": "title1", + "branch": "branch1", + "branch_slug": "branchSlug1", + "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", + "head_short_sha": "089d92cb", + "branch_slugify_default": "feat/a_really+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + "branch_slugify_smarttruncate_disabled": "feat/areallylongpullrequestnametotestargoslugificationandbranchnameshorteningfeature", + "branch_slugify_smarttruncate_enabled": "feat/testwithsmarttruncateenabledramdomlonglistofcharacters", + "labels": []string{"label1"}, + }, + }, + template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "AppSet-{{.branch}}-{{.number}}", + Labels: map[string]string{ + "app1": "{{index .labels 0}}", + "branch-test1": "AppSet-{{.branch_slugify_default | slugify }}", + "branch-test2": "AppSet-{{.branch_slugify_smarttruncate_disabled | slugify 49 false }}", + "branch-test3": "AppSet-{{.branch_slugify_smarttruncate_enabled | slugify 50 true }}", + }, + }, + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{ + RepoURL: "https://testurl/testRepo", + TargetRevision: "{{.head_short_sha}}", + }, + Destination: v1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "AppSet-{{.branch_slug}}-{{.head_sha}}", + }, + }, + }, + expectedApp: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "AppSet-branch1-1", + Labels: map[string]string{ + "app1": "label1", + "branch-test1": "AppSet-feat-a-really-long-pull-request-name-to-test-argo", + "branch-test2": "AppSet-feat-areallylongpullrequestnametotestargoslugific", + "branch-test3": "AppSet-feat", + }, + }, + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{ + RepoURL: "https://testurl/testRepo", + TargetRevision: "089d92cb", + }, + Destination: v1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "AppSet-branchSlug1-089d92cbf9ff857a39e6feccd32798ca700fb958", + }, + }, + }, + }, + }, + } { + t.Run(cases.name, func(t *testing.T) { + generatorMock := genmock.Generator{} + generator := v1alpha1.ApplicationSetGenerator{ + PullRequest: &v1alpha1.PullRequestGenerator{}, + } + + generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything). + Return(cases.params, nil) + + generatorMock.On("GetTemplate", &generator). + Return(&cases.template, nil) + + generators := map[string]generators.Generator{ + "PullRequest": &generatorMock, + } + renderer := &utils.Render{} + + gotApp, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Generators: []v1alpha1.ApplicationSetGenerator{{ + PullRequest: &v1alpha1.PullRequestGenerator{}, + }}, + Template: cases.template, + }, + }, + generators, + renderer, + nil, + ) + assert.EqualValues(t, cases.expectedApp[0].ObjectMeta.Name, gotApp[0].ObjectMeta.Name) + assert.EqualValues(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision) + assert.EqualValues(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace) + assert.True(t, collections.StringMapsEqual(cases.expectedApp[0].ObjectMeta.Labels, gotApp[0].ObjectMeta.Labels)) + }) + } +} diff --git a/applicationset/generators/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go b/applicationset/generators/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go new file mode 100644 index 0000000000000..c50d8d217e77e --- /dev/null +++ b/applicationset/generators/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go @@ -0,0 +1,180 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + codecommit "github.com/aws/aws-sdk-go/service/codecommit" + + mock "github.com/stretchr/testify/mock" + + request "github.com/aws/aws-sdk-go/aws/request" +) + +// AWSCodeCommitClient is an autogenerated mock type for the AWSCodeCommitClient type +type AWSCodeCommitClient struct { + mock.Mock +} + +// GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetFolderWithContext") + } + + var r0 *codecommit.GetFolderOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) *codecommit.GetFolderOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetFolderOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithContext") + } + + var r0 *codecommit.GetRepositoryOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) *codecommit.GetRepositoryOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetRepositoryOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListBranchesWithContext") + } + + var r0 *codecommit.ListBranchesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) *codecommit.ListBranchesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListBranchesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListRepositoriesWithContext") + } + + var r0 *codecommit.ListRepositoriesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) *codecommit.ListRepositoriesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListRepositoriesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSCodeCommitClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSCodeCommitClient { + mock := &AWSCodeCommitClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/generators/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go b/applicationset/generators/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go new file mode 100644 index 0000000000000..b5e9112df0511 --- /dev/null +++ b/applicationset/generators/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go @@ -0,0 +1,68 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + request "github.com/aws/aws-sdk-go/aws/request" + mock "github.com/stretchr/testify/mock" + + resourcegroupstaggingapi "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" +) + +// AWSTaggingClient is an autogenerated mock type for the AWSTaggingClient type +type AWSTaggingClient struct { + mock.Mock +} + +// GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetResourcesWithContext") + } + + var r0 *resourcegroupstaggingapi.GetResourcesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) *resourcegroupstaggingapi.GetResourcesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*resourcegroupstaggingapi.GetResourcesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSTaggingClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSTaggingClient { + mock := &AWSTaggingClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/generators/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go b/applicationset/generators/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go new file mode 100644 index 0000000000000..902859672cd0e --- /dev/null +++ b/applicationset/generators/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go @@ -0,0 +1,3335 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + core "github.com/microsoft/azure-devops-go-api/azuredevops/core" + git "github.com/microsoft/azure-devops-go-api/azuredevops/git" + + io "io" + + mock "github.com/stretchr/testify/mock" + + webapi "github.com/microsoft/azure-devops-go-api/azuredevops/webapi" +) + +// Client is an autogenerated mock type for the Client type +type Client struct { + mock.Mock +} + +// CreateAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachmentArgs) (*git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAttachment") + } + + var r0 *git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) (*git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) *git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAttachmentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCommitStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitStatusArgs) (*git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCommitStatus") + } + + var r0 *git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) (*git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) *git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommitStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// CreateMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePush provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeleteAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachmentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteAttachment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteAttachmentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteComment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteCommentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git.DeletePullRequestIterationStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestIterationStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestIterationStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePullRequestLabelsArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestLabels") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestLabelsArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeletePullRequestReviewerArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestReviewer") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestReviewerArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePullRequestStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavoriteArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRefFavorite") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRefFavoriteArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepositoryArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepository") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.DeleteRepositoryFromRecycleBinArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepositoryFromRecycleBin") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryFromRecycleBinArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// GetAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmentContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs) (*[]git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachments") + } + + var r0 *[]git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) (*[]git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) *[]git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlob provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlobRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlob") + } + + var r0 *git.GitBlobRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) (*git.GitBlobRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) *git.GitBlobRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBlobRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobsZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobsZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobsZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranch") + } + + var r0 *git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) (*git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) *git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranches provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[]git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranches") + } + + var r0 *[]git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) (*[]git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) *[]git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git.GitCommitChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetChanges") + } + + var r0 *git.GitCommitChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) (*git.GitCommitChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) *git.GitCommitChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPickForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPickForRefName") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[]git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComments") + } + + var r0 *[]git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) (*[]git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) *[]git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommit provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.GitCommit, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommit") + } + + var r0 *git.GitCommit + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) (*git.GitCommit, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) *git.GitCommit); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommit) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitDiffs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitDiffs") + } + + var r0 *git.GitCommitDiffs + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) *git.GitCommitDiffs); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitDiffs) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitDiffsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitsBatch") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetDeletedRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetDeletedRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetDeletedRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequests") + } + + var r0 *[]git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) *[]git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForks provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.GitRepositoryRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForks") + } + + var r0 *[]git.GitRepositoryRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) (*[]git.GitRepositoryRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) *[]git.GitRepositoryRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepositoryRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForksArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItem provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItem") + } + + var r0 *git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) (*git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) *git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemText provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemText") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemTextArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItems provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItems") + } + + var r0 *[]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) (*[]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) *[]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) (*[][]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemsBatch") + } + + var r0 *[][]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) (*[][]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) *[][]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[][]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetLikes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi.IdentityRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetLikes") + } + + var r0 *[]webapi.IdentityRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) (*[]webapi.IdentityRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) *[]webapi.IdentityRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.IdentityRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetLikesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeBases provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeBases") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeBasesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPolicyConfigurations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPolicyConfigurations") + } + + var r0 *git.GitPolicyConfigurationResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) *git.GitPolicyConfigurationResponse); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPolicyConfigurationResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPolicyConfigurationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestById provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequestByIdArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestById") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestByIdArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestCommits") + } + + var r0 *git.GetPullRequestCommitsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) *git.GetPullRequestCommitsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetPullRequestCommitsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIteration provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIteration") + } + + var r0 *git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) *git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationChanges") + } + + var r0 *git.GitPullRequestIterationChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) *git.GitPullRequestIterationChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIterationChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterations") + } + + var r0 *[]git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) *[]git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabels") + } + + var r0 *[]core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) *[]core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestQuery provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestQuery") + } + + var r0 *git.GitPullRequestQuery + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) *git.GitPullRequestQuery); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestQuery) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestQueryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestWorkItemRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestWorkItemRefs") + } + + var r0 *[]webapi.ResourceRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) *[]webapi.ResourceRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.ResourceRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequests") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestsByProject provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestsByProject") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsByProjectArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPush provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushes") + } + + var r0 *[]git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) (*[]git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) *[]git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRecycleBinRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRecycleBinRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRecycleBinRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorites provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorites") + } + + var r0 *[]git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) *[]git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoritesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRefsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefs") + } + + var r0 *git.GetRefsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) (*git.GetRefsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) *git.GetRefsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetRefsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesArgs) (*[]git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositories") + } + + var r0 *[]git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) (*[]git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) *[]git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithParent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetRepositoryWithParentArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithParent") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryWithParentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevertForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForRefNameArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevertForRefName") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[]git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetStatuses") + } + + var r0 *[]git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) (*[]git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) *[]git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetSuggestions provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs) (*[]git.GitSuggestion, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetSuggestions") + } + + var r0 *[]git.GitSuggestion + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) (*[]git.GitSuggestion, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) *[]git.GitSuggestion); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitSuggestion) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetSuggestionsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetThreads provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetThreads") + } + + var r0 *[]git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) *[]git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetThreadsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTree provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTreeRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTree") + } + + var r0 *git.GitTreeRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) (*git.GitTreeRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) *git.GitTreeRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitTreeRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTreeZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTreeZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// QueryImportRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for QueryImportRequests") + } + + var r0 *[]git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) *[]git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.QueryImportRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// RestoreRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for RestoreRepositoryFromRecycleBin") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// SharePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequestArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for SharePullRequest") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.SharePullRequestArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 git.UpdatePullRequestIterationStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestIterationStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestIterationStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.UpdatePullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.UpdatePullRequestReviewersArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestReviewers") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestReviewersArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdatePullRequestStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateRef provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.GitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRef") + } + + var r0 *git.GitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) (*git.GitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) *git.GitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRefs") + } + + var r0 *[]git.GitRefUpdateResult + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) *[]git.GitRefUpdateResult); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefUpdateResult) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClient(t interface { + mock.TestingT + Cleanup(func()) +}) *Client { + mock := &Client{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/generators/cluster.go b/applicationset/generators/cluster.go index 87cf807df06e1..eafb3de1fabb6 100644 --- a/applicationset/generators/cluster.go +++ b/applicationset/generators/cluster.go @@ -85,7 +85,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap clusterSecrets, err := g.getSecretsByClusterName(appSetGenerator) if err != nil { - return nil, err + return nil, fmt.Errorf("error getting cluster secrets: %w", err) } res := []map[string]interface{}{} @@ -106,7 +106,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) if err != nil { - return nil, err + return nil, fmt.Errorf("error appending templated values for local cluster: %w", err) } res = append(res, params) @@ -146,7 +146,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) if err != nil { - return nil, err + return nil, fmt.Errorf("error appending templated values for cluster: %w", err) } res = append(res, params) @@ -164,7 +164,7 @@ func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1 selector := metav1.AddLabelToSelector(&appSetGenerator.Clusters.Selector, ArgoCDSecretTypeLabel, ArgoCDSecretTypeCluster) secretSelector, err := metav1.LabelSelectorAsSelector(selector) if err != nil { - return nil, err + return nil, fmt.Errorf("error converting label selector: %w", err) } if err := g.Client.List(context.Background(), clusterSecretList, client.MatchingLabelsSelector{Selector: secretSelector}); err != nil { diff --git a/applicationset/generators/cluster_test.go b/applicationset/generators/cluster_test.go index a943dc98cdf2b..f319081c09218 100644 --- a/applicationset/generators/cluster_test.go +++ b/applicationset/generators/cluster_test.go @@ -226,7 +226,7 @@ func TestGenerateParams(t *testing.T) { values: nil, expected: nil, clientError: true, - expectedError: fmt.Errorf("could not list Secrets"), + expectedError: fmt.Errorf("error getting cluster secrets: could not list Secrets"), }, } @@ -597,7 +597,7 @@ func TestGenerateParamsGoTemplate(t *testing.T) { values: nil, expected: nil, clientError: true, - expectedError: fmt.Errorf("could not list Secrets"), + expectedError: fmt.Errorf("error getting cluster secrets: could not list Secrets"), }, } diff --git a/applicationset/generators/duck_type.go b/applicationset/generators/duck_type.go index 7e0dfb3570d8c..d7ceafd31de3b 100644 --- a/applicationset/generators/duck_type.go +++ b/applicationset/generators/duck_type.go @@ -125,7 +125,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A duckResources, err := g.dynClient.Resource(duckGVR).Namespace(g.namespace).List(g.ctx, listOptions) if err != nil { log.WithField("GVK", duckGVR).Warning("resources were not found") - return nil, err + return nil, fmt.Errorf("failed to get dynamic resources: %w", err) } if len(duckResources.Items) == 0 { @@ -218,7 +218,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A res = append(res, params) } } else { - log.Warningf("clusterDecisionResource status." + statusListKey + " missing") + log.Warningf("clusterDecisionResource status.%s missing", statusListKey) return nil, nil } diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go index 312924bbb415c..74fe02044b473 100644 --- a/applicationset/generators/git.go +++ b/applicationset/generators/git.go @@ -78,7 +78,7 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic return nil, fmt.Errorf("error getting project %s: %w", project, err) } // we need to verify the signature on the Git revision if GPG is enabled - verifyCommit = appProject.Spec.SignatureKeys != nil && len(appProject.Spec.SignatureKeys) > 0 && gpg.IsGPGEnabled() + verifyCommit = len(appProject.Spec.SignatureKeys) > 0 && gpg.IsGPGEnabled() } var err error diff --git a/applicationset/generators/interface.go b/applicationset/generators/interface.go index 14093bac45d98..ea105c7842279 100644 --- a/applicationset/generators/interface.go +++ b/applicationset/generators/interface.go @@ -9,8 +9,6 @@ import ( argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) -//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=Generator - // Generator defines the interface implemented by all ApplicationSet generators. type Generator interface { // GenerateParams interprets the ApplicationSet and generates all relevant parameters for the application template. diff --git a/applicationset/generators/matrix_test.go b/applicationset/generators/matrix_test.go index 99834b72b7916..3a961bb0fe877 100644 --- a/applicationset/generators/matrix_test.go +++ b/applicationset/generators/matrix_test.go @@ -1073,7 +1073,7 @@ func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) { // of that bug. listGeneratorMock := &generatorMock{} - listGeneratorMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), mock.AnythingOfType("*v1alpha1.ApplicationSet")).Return([]map[string]interface{}{ + listGeneratorMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).Return([]map[string]interface{}{ {"some": "value"}, }, nil) listGeneratorMock.On("GetTemplate", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator")).Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) diff --git a/applicationset/generators/mocks/Generator.go b/applicationset/generators/mocks/Generator.go index df337fccb44b2..dc6197f892866 100644 --- a/applicationset/generators/mocks/Generator.go +++ b/applicationset/generators/mocks/Generator.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.40.2. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/applicationset/generators/pull_request.go b/applicationset/generators/pull_request.go index 54fcb73a2d77f..3392480bf419b 100644 --- a/applicationset/generators/pull_request.go +++ b/applicationset/generators/pull_request.go @@ -6,12 +6,12 @@ import ( "strconv" "time" - corev1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/gosimple/slug" pullrequest "github.com/argoproj/argo-cd/v2/applicationset/services/pull_request" + "github.com/argoproj/argo-cd/v2/applicationset/utils" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -24,19 +24,13 @@ const ( type PullRequestGenerator struct { client client.Client selectServiceProviderFunc func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) - auth SCMAuthProviders - scmRootCAPath string - allowedSCMProviders []string - enableSCMProviders bool + SCMConfig } -func NewPullRequestGenerator(client client.Client, auth SCMAuthProviders, scmRootCAPath string, allowedScmProviders []string, enableSCMProviders bool) Generator { +func NewPullRequestGenerator(client client.Client, scmConfig SCMConfig) Generator { g := &PullRequestGenerator{ - client: client, - auth: auth, - scmRootCAPath: scmRootCAPath, - allowedSCMProviders: allowedScmProviders, - enableSCMProviders: enableSCMProviders, + client: client, + SCMConfig: scmConfig, } g.selectServiceProviderFunc = g.selectServiceProvider return g @@ -103,6 +97,7 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha paramMap := map[string]interface{}{ "number": strconv.Itoa(pull.Number), + "title": pull.Title, "branch": pull.Branch, "branch_slug": slug.Make(pull.Branch), "target_branch": pull.TargetBranch, @@ -110,6 +105,7 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha "head_sha": pull.HeadSHA, "head_short_sha": pull.HeadSHA[:shortSHALength], "head_short_sha_7": pull.HeadSHA[:shortSHALength7], + "author": pull.Author, } // PR lables will only be supported for Go Template appsets, since fasttemplate will be deprecated. @@ -135,15 +131,23 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera } if generatorConfig.GitLab != nil { providerConfig := generatorConfig.GitLab - token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) + var caCerts []byte + var prErr error + if providerConfig.CARef != nil { + caCerts, prErr = utils.GetConfigMapData(ctx, g.client, providerConfig.CARef, applicationSetInfo.Namespace) + if prErr != nil { + return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", prErr) + } + } + token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } - return pullrequest.NewGitLabService(ctx, token, providerConfig.API, providerConfig.Project, providerConfig.Labels, providerConfig.PullRequestState, g.scmRootCAPath, providerConfig.Insecure) + return pullrequest.NewGitLabService(ctx, token, providerConfig.API, providerConfig.Project, providerConfig.Labels, providerConfig.PullRequestState, g.scmRootCAPath, providerConfig.Insecure, caCerts) } if generatorConfig.Gitea != nil { providerConfig := generatorConfig.Gitea - token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) + token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } @@ -151,26 +155,40 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera } if generatorConfig.BitbucketServer != nil { providerConfig := generatorConfig.BitbucketServer - if providerConfig.BasicAuth != nil { - password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) + var caCerts []byte + var prErr error + if providerConfig.CARef != nil { + caCerts, prErr = utils.GetConfigMapData(ctx, g.client, providerConfig.CARef, applicationSetInfo.Namespace) + if prErr != nil { + return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", prErr) + } + } + if providerConfig.BearerToken != nil { + appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace) + if err != nil { + return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err) + } + return pullrequest.NewBitbucketServiceBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts) + } else if providerConfig.BasicAuth != nil { + password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } - return pullrequest.NewBitbucketServiceBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.Repo) + return pullrequest.NewBitbucketServiceBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts) } else { - return pullrequest.NewBitbucketServiceNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.Repo) + return pullrequest.NewBitbucketServiceNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts) } } if generatorConfig.Bitbucket != nil { providerConfig := generatorConfig.Bitbucket if providerConfig.BearerToken != nil { - appToken, err := g.getSecretRef(ctx, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace) + appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err) } return pullrequest.NewBitbucketCloudServiceBearerToken(providerConfig.API, appToken, providerConfig.Owner, providerConfig.Repo) } else if providerConfig.BasicAuth != nil { - password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) + password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } @@ -181,7 +199,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera } if generatorConfig.AzureDevOps != nil { providerConfig := generatorConfig.AzureDevOps - token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) + token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } @@ -193,7 +211,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alpha1.PullRequestGeneratorGithub, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) { // use an app if it was configured if cfg.AppSecretName != "" { - auth, err := g.auth.GitHubApps.GetAuthSecret(ctx, cfg.AppSecretName) + auth, err := g.GitHubApps.GetAuthSecret(ctx, cfg.AppSecretName) if err != nil { return nil, fmt.Errorf("error getting GitHub App secret: %w", err) } @@ -201,33 +219,9 @@ func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alph } // always default to token, even if not set (public access) - token, err := g.getSecretRef(ctx, cfg.TokenRef, applicationSetInfo.Namespace) + token, err := utils.GetSecretRef(ctx, g.client, cfg.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } return pullrequest.NewGithubService(ctx, token, cfg.API, cfg.Owner, cfg.Repo, cfg.Labels) } - -// getSecretRef gets the value of the key for the specified Secret resource. -func (g *PullRequestGenerator) getSecretRef(ctx context.Context, ref *argoprojiov1alpha1.SecretRef, namespace string) (string, error) { - if ref == nil { - return "", nil - } - - secret := &corev1.Secret{} - err := g.client.Get( - ctx, - client.ObjectKey{ - Name: ref.SecretName, - Namespace: namespace, - }, - secret) - if err != nil { - return "", fmt.Errorf("error fetching secret %s/%s: %w", namespace, ref.SecretName, err) - } - tokenBytes, ok := secret.Data[ref.Key] - if !ok { - return "", fmt.Errorf("key %q in secret %s/%s not found", ref.Key, namespace, ref.SecretName) - } - return string(tokenBytes), nil -} diff --git a/applicationset/generators/pull_request_test.go b/applicationset/generators/pull_request_test.go index b293623077009..e02e7312b350f 100644 --- a/applicationset/generators/pull_request_test.go +++ b/applicationset/generators/pull_request_test.go @@ -7,9 +7,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/controller-runtime/pkg/client/fake" pullrequest "github.com/argoproj/argo-cd/v2/applicationset/services/pull_request" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -30,9 +28,11 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { []*pullrequest.PullRequest{ { Number: 1, + Title: "title1", Branch: "branch1", TargetBranch: "master", HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "testName", }, }, nil, @@ -41,6 +41,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { expected: []map[string]interface{}{ { "number": "1", + "title": "title1", "branch": "branch1", "branch_slug": "branch1", "target_branch": "master", @@ -48,6 +49,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", "head_short_sha": "089d92cb", "head_short_sha_7": "089d92c", + "author": "testName", }, }, expectedErr: nil, @@ -59,9 +61,11 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { []*pullrequest.PullRequest{ { Number: 2, + Title: "title2", Branch: "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", TargetBranch: "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", HeadSHA: "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", + Author: "testName", }, }, nil, @@ -70,6 +74,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { expected: []map[string]interface{}{ { "number": "2", + "title": "title2", "branch": "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", "branch_slug": "feat-areally-long-pull-request-name-to-test-argo", "target_branch": "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", @@ -77,6 +82,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { "head_sha": "9b34ff5bd418e57d58891eb0aa0728043ca1e8be", "head_short_sha": "9b34ff5b", "head_short_sha_7": "9b34ff5", + "author": "testName", }, }, expectedErr: nil, @@ -88,9 +94,11 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { []*pullrequest.PullRequest{ { Number: 1, + Title: "title1", Branch: "a-very-short-sha", TargetBranch: "master", HeadSHA: "abcd", + Author: "testName", }, }, nil, @@ -99,6 +107,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { expected: []map[string]interface{}{ { "number": "1", + "title": "title1", "branch": "a-very-short-sha", "branch_slug": "a-very-short-sha", "target_branch": "master", @@ -106,6 +115,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { "head_sha": "abcd", "head_short_sha": "abcd", "head_short_sha_7": "abcd", + "author": "testName", }, }, expectedErr: nil, @@ -128,10 +138,12 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { []*pullrequest.PullRequest{ { Number: 1, + Title: "title1", Branch: "branch1", TargetBranch: "master", HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", Labels: []string{"preview"}, + Author: "testName", }, }, nil, @@ -140,6 +152,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { expected: []map[string]interface{}{ { "number": "1", + "title": "title1", "branch": "branch1", "branch_slug": "branch1", "target_branch": "master", @@ -148,6 +161,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { "head_short_sha": "089d92cb", "head_short_sha_7": "089d92c", "labels": []string{"preview"}, + "author": "testName", }, }, expectedErr: nil, @@ -165,10 +179,12 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { []*pullrequest.PullRequest{ { Number: 1, + Title: "title1", Branch: "branch1", TargetBranch: "master", HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", Labels: []string{"preview"}, + Author: "testName", }, }, nil, @@ -177,6 +193,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { expected: []map[string]interface{}{ { "number": "1", + "title": "title1", "branch": "branch1", "branch_slug": "branch1", "target_branch": "master", @@ -184,6 +201,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", "head_short_sha": "089d92cb", "head_short_sha_7": "089d92c", + "author": "testName", }, }, expectedErr: nil, @@ -214,76 +232,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { } } -func TestPullRequestGetSecretRef(t *testing.T) { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{Name: "test-secret", Namespace: "test"}, - Data: map[string][]byte{ - "my-token": []byte("secret"), - }, - } - gen := &PullRequestGenerator{client: fake.NewClientBuilder().WithObjects(secret).Build()} - ctx := context.Background() - - cases := []struct { - name, namespace, token string - ref *argoprojiov1alpha1.SecretRef - hasError bool - }{ - { - name: "valid ref", - ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"}, - namespace: "test", - token: "secret", - hasError: false, - }, - { - name: "nil ref", - ref: nil, - namespace: "test", - token: "", - hasError: false, - }, - { - name: "wrong name", - ref: &argoprojiov1alpha1.SecretRef{SecretName: "other", Key: "my-token"}, - namespace: "test", - token: "", - hasError: true, - }, - { - name: "wrong key", - ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "other-token"}, - namespace: "test", - token: "", - hasError: true, - }, - { - name: "wrong namespace", - ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"}, - namespace: "other", - token: "", - hasError: true, - }, - } - - for _, c := range cases { - t.Run(c.name, func(t *testing.T) { - token, err := gen.getSecretRef(ctx, c.ref, c.namespace) - if c.hasError { - require.Error(t, err) - } else { - require.NoError(t, err) - } - assert.Equal(t, c.token, token) - }) - } -} - func TestAllowedSCMProviderPullRequest(t *testing.T) { cases := []struct { name string providerConfig *argoprojiov1alpha1.PullRequestGenerator - expectedError error }{ { name: "Error Github", @@ -292,7 +244,6 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Gitlab", @@ -301,7 +252,6 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Gitea", @@ -310,7 +260,6 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Bitbucket", @@ -319,7 +268,6 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, } @@ -329,13 +277,13 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { t.Run(testCaseCopy.name, func(t *testing.T) { t.Parallel() - pullRequestGenerator := NewPullRequestGenerator(nil, SCMAuthProviders{}, "", []string{ + pullRequestGenerator := NewPullRequestGenerator(nil, NewSCMConfig("", []string{ "github.myorg.com", "gitlab.myorg.com", "gitea.myorg.com", "bitbucket.myorg.com", "azuredevops.myorg.com", - }, true) + }, true, nil)) applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -351,13 +299,14 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { _, err := pullRequestGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil) require.Error(t, err, "Must return an error") - assert.ErrorAs(t, err, testCaseCopy.expectedError) + var expectedError ErrDisallowedSCMProvider + assert.ErrorAs(t, err, &expectedError) }) } } func TestSCMProviderDisabled_PRGenerator(t *testing.T) { - generator := NewPullRequestGenerator(nil, SCMAuthProviders{}, "", []string{}, false) + generator := NewPullRequestGenerator(nil, NewSCMConfig("", []string{}, false, nil)) applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index 0f90240fdb25c..85a2550ae21f9 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -7,7 +7,6 @@ import ( "strings" "time" - corev1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/client" log "github.com/sirupsen/logrus" @@ -29,29 +28,36 @@ type SCMProviderGenerator struct { client client.Client // Testing hooks. overrideProvider scm_provider.SCMProviderService - SCMAuthProviders + SCMConfig +} +type SCMConfig struct { scmRootCAPath string allowedSCMProviders []string enableSCMProviders bool + GitHubApps github_app_auth.Credentials } -type SCMAuthProviders struct { - GitHubApps github_app_auth.Credentials -} - -func NewSCMProviderGenerator(client client.Client, providers SCMAuthProviders, scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool) Generator { - return &SCMProviderGenerator{ - client: client, - SCMAuthProviders: providers, +func NewSCMConfig(scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool, gitHubApps github_app_auth.Credentials) SCMConfig { + return SCMConfig{ scmRootCAPath: scmRootCAPath, allowedSCMProviders: allowedSCMProviders, enableSCMProviders: enableSCMProviders, + GitHubApps: gitHubApps, + } +} + +func NewSCMProviderGenerator(client client.Client, scmConfig SCMConfig) Generator { + return &SCMProviderGenerator{ + client: client, + SCMConfig: scmConfig, } } // Testing generator func NewTestSCMProviderGenerator(overrideProvider scm_provider.SCMProviderService) Generator { - return &SCMProviderGenerator{overrideProvider: overrideProvider, enableSCMProviders: true} + return &SCMProviderGenerator{overrideProvider: overrideProvider, SCMConfig: SCMConfig{ + enableSCMProviders: true, + }} } func (g *SCMProviderGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration { @@ -139,16 +145,25 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha return nil, fmt.Errorf("scm provider: %w", err) } } else if providerConfig.Gitlab != nil { - token, err := g.getSecretRef(ctx, providerConfig.Gitlab.TokenRef, applicationSetInfo.Namespace) + providerConfig := providerConfig.Gitlab + var caCerts []byte + var scmError error + if providerConfig.CARef != nil { + caCerts, scmError = utils.GetConfigMapData(ctx, g.client, providerConfig.CARef, applicationSetInfo.Namespace) + if scmError != nil { + return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", scmError) + } + } + token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Gitlab token: %w", err) } - provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Gitlab.Group, token, providerConfig.Gitlab.API, providerConfig.Gitlab.AllBranches, providerConfig.Gitlab.IncludeSubgroups, providerConfig.Gitlab.WillIncludeSharedProjects(), providerConfig.Gitlab.Insecure, g.scmRootCAPath, providerConfig.Gitlab.Topic) + provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Group, token, providerConfig.API, providerConfig.AllBranches, providerConfig.IncludeSubgroups, providerConfig.WillIncludeSharedProjects(), providerConfig.Insecure, g.scmRootCAPath, providerConfig.Topic, caCerts) if err != nil { return nil, fmt.Errorf("error initializing Gitlab service: %w", err) } } else if providerConfig.Gitea != nil { - token, err := g.getSecretRef(ctx, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace) + token, err := utils.GetSecretRef(ctx, g.client, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Gitea token: %w", err) } @@ -158,21 +173,34 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha } } else if providerConfig.BitbucketServer != nil { providerConfig := providerConfig.BitbucketServer + var caCerts []byte var scmError error - if providerConfig.BasicAuth != nil { - password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) + if providerConfig.CARef != nil { + caCerts, scmError = utils.GetConfigMapData(ctx, g.client, providerConfig.CARef, applicationSetInfo.Namespace) + if scmError != nil { + return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", scmError) + } + } + if providerConfig.BearerToken != nil { + appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace) + if err != nil { + return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err) + } + provider, scmError = scm_provider.NewBitbucketServerProviderBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts) + } else if providerConfig.BasicAuth != nil { + password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } - provider, scmError = scm_provider.NewBitbucketServerProviderBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.AllBranches) + provider, scmError = scm_provider.NewBitbucketServerProviderBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts) } else { - provider, scmError = scm_provider.NewBitbucketServerProviderNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.AllBranches) + provider, scmError = scm_provider.NewBitbucketServerProviderNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts) } if scmError != nil { return nil, fmt.Errorf("error initializing Bitbucket Server service: %w", scmError) } } else if providerConfig.AzureDevOps != nil { - token, err := g.getSecretRef(ctx, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace) + token, err := utils.GetSecretRef(ctx, g.client, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Azure Devops access token: %w", err) } @@ -181,7 +209,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha return nil, fmt.Errorf("error initializing Azure Devops service: %w", err) } } else if providerConfig.Bitbucket != nil { - appPassword, err := g.getSecretRef(ctx, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace) + appPassword, err := utils.GetSecretRef(ctx, g.client, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %w", err) } @@ -240,29 +268,6 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha return paramsArray, nil } -func (g *SCMProviderGenerator) getSecretRef(ctx context.Context, ref *argoprojiov1alpha1.SecretRef, namespace string) (string, error) { - if ref == nil { - return "", nil - } - - secret := &corev1.Secret{} - err := g.client.Get( - ctx, - client.ObjectKey{ - Name: ref.SecretName, - Namespace: namespace, - }, - secret) - if err != nil { - return "", fmt.Errorf("error fetching secret %s/%s: %w", namespace, ref.SecretName, err) - } - tokenBytes, ok := secret.Data[ref.Key] - if !ok { - return "", fmt.Errorf("key %q in secret %s/%s not found", ref.Key, namespace, ref.SecretName) - } - return string(tokenBytes), nil -} - func (g *SCMProviderGenerator) githubProvider(ctx context.Context, github *argoprojiov1alpha1.SCMProviderGeneratorGithub, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) (scm_provider.SCMProviderService, error) { if github.AppSecretName != "" { auth, err := g.GitHubApps.GetAuthSecret(ctx, github.AppSecretName) @@ -278,7 +283,7 @@ func (g *SCMProviderGenerator) githubProvider(ctx context.Context, github *argop ) } - token, err := g.getSecretRef(ctx, github.TokenRef, applicationSetInfo.Namespace) + token, err := utils.GetSecretRef(ctx, g.client, github.TokenRef, applicationSetInfo.Namespace) if err != nil { return nil, fmt.Errorf("error fetching Github token: %w", err) } diff --git a/applicationset/generators/scm_provider_test.go b/applicationset/generators/scm_provider_test.go index 04291b6303e83..a52f7e8159b86 100644 --- a/applicationset/generators/scm_provider_test.go +++ b/applicationset/generators/scm_provider_test.go @@ -1,84 +1,16 @@ package generators import ( - "context" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/controller-runtime/pkg/client/fake" "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) -func TestSCMProviderGetSecretRef(t *testing.T) { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{Name: "test-secret", Namespace: "test"}, - Data: map[string][]byte{ - "my-token": []byte("secret"), - }, - } - gen := &SCMProviderGenerator{client: fake.NewClientBuilder().WithObjects(secret).Build()} - ctx := context.Background() - - cases := []struct { - name, namespace, token string - ref *argoprojiov1alpha1.SecretRef - hasError bool - }{ - { - name: "valid ref", - ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"}, - namespace: "test", - token: "secret", - hasError: false, - }, - { - name: "nil ref", - ref: nil, - namespace: "test", - token: "", - hasError: false, - }, - { - name: "wrong name", - ref: &argoprojiov1alpha1.SecretRef{SecretName: "other", Key: "my-token"}, - namespace: "test", - token: "", - hasError: true, - }, - { - name: "wrong key", - ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "other-token"}, - namespace: "test", - token: "", - hasError: true, - }, - { - name: "wrong namespace", - ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"}, - namespace: "other", - token: "", - hasError: true, - }, - } - - for _, c := range cases { - t.Run(c.name, func(t *testing.T) { - token, err := gen.getSecretRef(ctx, c.ref, c.namespace) - if c.hasError { - require.Error(t, err) - } else { - require.NoError(t, err) - } - assert.Equal(t, c.token, token) - }) - } -} - func TestSCMProviderGenerateParams(t *testing.T) { cases := []struct { name string @@ -174,7 +106,7 @@ func TestSCMProviderGenerateParams(t *testing.T) { mockProvider := &scm_provider.MockProvider{ Repos: testCaseCopy.repos, } - scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider, enableSCMProviders: true} + scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider, SCMConfig: SCMConfig{enableSCMProviders: true}} applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "set", @@ -204,7 +136,6 @@ func TestAllowedSCMProvider(t *testing.T) { cases := []struct { name string providerConfig *argoprojiov1alpha1.SCMProviderGenerator - expectedError error }{ { name: "Error Github", @@ -213,7 +144,6 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Gitlab", @@ -222,7 +152,6 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Gitea", @@ -231,7 +160,6 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Bitbucket", @@ -240,7 +168,6 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error AzureDevops", @@ -249,7 +176,6 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, - expectedError: &ErrDisallowedSCMProvider{}, }, } @@ -260,14 +186,16 @@ func TestAllowedSCMProvider(t *testing.T) { t.Parallel() scmGenerator := &SCMProviderGenerator{ - allowedSCMProviders: []string{ - "github.myorg.com", - "gitlab.myorg.com", - "gitea.myorg.com", - "bitbucket.myorg.com", - "azuredevops.myorg.com", + SCMConfig: SCMConfig{ + allowedSCMProviders: []string{ + "github.myorg.com", + "gitlab.myorg.com", + "gitea.myorg.com", + "bitbucket.myorg.com", + "azuredevops.myorg.com", + }, + enableSCMProviders: true, }, - enableSCMProviders: true, } applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ @@ -284,13 +212,14 @@ func TestAllowedSCMProvider(t *testing.T) { _, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil) require.Error(t, err, "Must return an error") - assert.ErrorAs(t, err, testCaseCopy.expectedError) + var expectedError ErrDisallowedSCMProvider + assert.ErrorAs(t, err, &expectedError) }) } } func TestSCMProviderDisabled_SCMGenerator(t *testing.T) { - generator := &SCMProviderGenerator{enableSCMProviders: false} + generator := &SCMProviderGenerator{SCMConfig: SCMConfig{enableSCMProviders: false}} applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ diff --git a/applicationset/generators/utils.go b/applicationset/generators/utils.go new file mode 100644 index 0000000000000..84bdda6101006 --- /dev/null +++ b/applicationset/generators/utils.go @@ -0,0 +1,49 @@ +package generators + +import ( + "context" + + "k8s.io/client-go/dynamic" + "k8s.io/client-go/kubernetes" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/argoproj/argo-cd/v2/applicationset/services" +) + +func GetGenerators(ctx context.Context, c client.Client, k8sClient kubernetes.Interface, namespace string, argoCDService services.Repos, dynamicClient dynamic.Interface, scmConfig SCMConfig) map[string]Generator { + terminalGenerators := map[string]Generator{ + "List": NewListGenerator(), + "Clusters": NewClusterGenerator(c, ctx, k8sClient, namespace), + "Git": NewGitGenerator(argoCDService, namespace), + "SCMProvider": NewSCMProviderGenerator(c, scmConfig), + "ClusterDecisionResource": NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace), + "PullRequest": NewPullRequestGenerator(c, scmConfig), + "Plugin": NewPluginGenerator(c, ctx, k8sClient, namespace), + } + + nestedGenerators := map[string]Generator{ + "List": terminalGenerators["List"], + "Clusters": terminalGenerators["Clusters"], + "Git": terminalGenerators["Git"], + "SCMProvider": terminalGenerators["SCMProvider"], + "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], + "PullRequest": terminalGenerators["PullRequest"], + "Plugin": terminalGenerators["Plugin"], + "Matrix": NewMatrixGenerator(terminalGenerators), + "Merge": NewMergeGenerator(terminalGenerators), + } + + topLevelGenerators := map[string]Generator{ + "List": terminalGenerators["List"], + "Clusters": terminalGenerators["Clusters"], + "Git": terminalGenerators["Git"], + "SCMProvider": terminalGenerators["SCMProvider"], + "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], + "PullRequest": terminalGenerators["PullRequest"], + "Plugin": terminalGenerators["Plugin"], + "Matrix": NewMatrixGenerator(nestedGenerators), + "Merge": NewMergeGenerator(nestedGenerators), + } + + return topLevelGenerators +} diff --git a/applicationset/metrics/fake.go b/applicationset/metrics/fake.go new file mode 100644 index 0000000000000..9c1d55d2f24d2 --- /dev/null +++ b/applicationset/metrics/fake.go @@ -0,0 +1,22 @@ +package metrics + +import ( + "github.com/prometheus/client_golang/prometheus" + ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" +) + +// Fake implementation for testing +func NewFakeAppsetMetrics(client ctrlclient.WithWatch) *ApplicationsetMetrics { + reconcileHistogram := prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "argocd_appset_reconcile", + Help: "Application reconciliation performance in seconds.", + // Buckets can be set later on after observing median time + }, + []string{"name", "namespace"}, + ) + + return &ApplicationsetMetrics{ + reconcileHistogram: reconcileHistogram, + } +} diff --git a/applicationset/metrics/metrics.go b/applicationset/metrics/metrics.go new file mode 100644 index 0000000000000..5b5c1cd82c4b3 --- /dev/null +++ b/applicationset/metrics/metrics.go @@ -0,0 +1,131 @@ +package metrics + +import ( + "time" + + "github.com/prometheus/client_golang/prometheus" + "k8s.io/apimachinery/pkg/labels" + "sigs.k8s.io/controller-runtime/pkg/metrics" + + argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" + metricsutil "github.com/argoproj/argo-cd/v2/util/metrics" +) + +var ( + descAppsetLabels *prometheus.Desc + descAppsetDefaultLabels = []string{"namespace", "name"} + descAppsetInfo = prometheus.NewDesc( + "argocd_appset_info", + "Information about applicationset", + append(descAppsetDefaultLabels, "resource_update_status"), + nil, + ) + + descAppsetGeneratedApps = prometheus.NewDesc( + "argocd_appset_owned_applications", + "Number of applications owned by the applicationset", + descAppsetDefaultLabels, + nil, + ) +) + +type ApplicationsetMetrics struct { + reconcileHistogram *prometheus.HistogramVec +} + +type appsetCollector struct { + lister applisters.ApplicationSetLister + // appsClientSet appclientset.Interface + labels []string + filter func(appset *argoappv1.ApplicationSet) bool +} + +func NewApplicationsetMetrics(appsetLister applisters.ApplicationSetLister, appsetLabels []string, appsetFilter func(appset *argoappv1.ApplicationSet) bool) ApplicationsetMetrics { + reconcileHistogram := prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "argocd_appset_reconcile", + Help: "Application reconciliation performance in seconds.", + // Buckets can be set later on after observing median time + }, + descAppsetDefaultLabels, + ) + + appsetCollector := newAppsetCollector(appsetLister, appsetLabels, appsetFilter) + + // Register collectors and metrics + metrics.Registry.MustRegister(reconcileHistogram) + metrics.Registry.MustRegister(appsetCollector) + + return ApplicationsetMetrics{ + reconcileHistogram: reconcileHistogram, + } +} + +func (m *ApplicationsetMetrics) ObserveReconcile(appset *argoappv1.ApplicationSet, duration time.Duration) { + m.reconcileHistogram.WithLabelValues(appset.Namespace, appset.Name).Observe(duration.Seconds()) +} + +func newAppsetCollector(lister applisters.ApplicationSetLister, labels []string, filter func(appset *argoappv1.ApplicationSet) bool) *appsetCollector { + descAppsetDefaultLabels = []string{"namespace", "name"} + + if len(labels) > 0 { + descAppsetLabels = prometheus.NewDesc( + "argocd_appset_labels", + "Applicationset labels translated to Prometheus labels", + append(descAppsetDefaultLabels, metricsutil.NormalizeLabels("label", labels)...), + nil, + ) + } + + return &appsetCollector{ + lister: lister, + labels: labels, + filter: filter, + } +} + +// Describe implements the prometheus.Collector interface +func (c *appsetCollector) Describe(ch chan<- *prometheus.Desc) { + ch <- descAppsetInfo + ch <- descAppsetGeneratedApps + + if len(c.labels) > 0 { + ch <- descAppsetLabels + } +} + +// Collect implements the prometheus.Collector interface +func (c *appsetCollector) Collect(ch chan<- prometheus.Metric) { + appsets, _ := c.lister.List(labels.NewSelector()) + + for _, appset := range appsets { + if c.filter(appset) { + collectAppset(appset, c.labels, ch) + } + } +} + +func collectAppset(appset *argoappv1.ApplicationSet, labelsToCollect []string, ch chan<- prometheus.Metric) { + labelValues := make([]string, 0) + commonLabelValues := []string{appset.Namespace, appset.Name} + + for _, label := range labelsToCollect { + labelValues = append(labelValues, appset.GetLabels()[label]) + } + + resourceUpdateStatus := "Unknown" + + for _, condition := range appset.Status.Conditions { + if condition.Type == argoappv1.ApplicationSetConditionResourcesUpToDate { + resourceUpdateStatus = condition.Reason + } + } + + if len(labelsToCollect) > 0 { + ch <- prometheus.MustNewConstMetric(descAppsetLabels, prometheus.GaugeValue, 1, append(commonLabelValues, labelValues...)...) + } + + ch <- prometheus.MustNewConstMetric(descAppsetInfo, prometheus.GaugeValue, 1, appset.Namespace, appset.Name, resourceUpdateStatus) + ch <- prometheus.MustNewConstMetric(descAppsetGeneratedApps, prometheus.GaugeValue, float64(len(appset.Status.Resources)), appset.Namespace, appset.Name) +} diff --git a/applicationset/metrics/metrics_test.go b/applicationset/metrics/metrics_test.go new file mode 100644 index 0000000000000..b9ed0ae6ec57a --- /dev/null +++ b/applicationset/metrics/metrics_test.go @@ -0,0 +1,256 @@ +package metrics + +import ( + "net/http" + "net/http/httptest" + "strings" + "testing" + "time" + + "github.com/argoproj/argo-cd/v2/applicationset/utils" + argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + + "github.com/prometheus/client_golang/prometheus/promhttp" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "k8s.io/apimachinery/pkg/runtime" + ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" + fake "sigs.k8s.io/controller-runtime/pkg/client/fake" + + prometheus "github.com/prometheus/client_golang/prometheus" + + metricsutil "github.com/argoproj/argo-cd/v2/util/metrics" + + "sigs.k8s.io/controller-runtime/pkg/metrics" + + "sigs.k8s.io/yaml" +) + +var ( + applicationsetNamespaces = []string{"argocd", "test-namespace1"} + + filter = func(appset *argoappv1.ApplicationSet) bool { + return utils.IsNamespaceAllowed(applicationsetNamespaces, appset.Namespace) + } + + collectedLabels = []string{"included/test"} +) + +const fakeAppsetList = ` +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: test1 + namespace: argocd + labels: + included/test: test + not-included.label/test: test +spec: + generators: + - git: + directories: + - path: test/* + repoURL: https://github.com/test/test.git + revision: HEAD + template: + metadata: + name: '{{.path.basename}}' + spec: + destination: + namespace: '{{.path.basename}}' + server: https://kubernetes.default.svc + project: default + source: + path: '{{.path.path}}' + repoURL: https://github.com/test/test.git + targetRevision: HEAD +status: + resources: + - group: argoproj.io + health: + status: Missing + kind: Application + name: test-app1 + namespace: argocd + status: OutOfSync + version: v1alpha1 + - group: argoproj.io + health: + status: Missing + kind: Application + name: test-app2 + namespace: argocd + status: OutOfSync + version: v1alpha1 + conditions: + - lastTransitionTime: "2024-01-01T00:00:00Z" + message: Successfully generated parameters for all Applications + reason: ApplicationSetUpToDate + status: "False" + type: ErrorOccurred + - lastTransitionTime: "2024-01-01T00:00:00Z" + message: Successfully generated parameters for all Applications + reason: ParametersGenerated + status: "True" + type: ParametersGenerated + - lastTransitionTime: "2024-01-01T00:00:00Z" + message: ApplicationSet up to date + reason: ApplicationSetUpToDate + status: "True" + type: ResourcesUpToDate +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: test2 + namespace: argocd + labels: + not-included.label/test: test +spec: + generators: + - git: + directories: + - path: test/* + repoURL: https://github.com/test/test.git + revision: HEAD + template: + metadata: + name: '{{.path.basename}}' + spec: + destination: + namespace: '{{.path.basename}}' + server: https://kubernetes.default.svc + project: default + source: + path: '{{.path.path}}' + repoURL: https://github.com/test/test.git + targetRevision: HEAD +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: should-be-filtered-out + namespace: not-allowed +spec: + generators: + - git: + directories: + - path: test/* + repoURL: https://github.com/test/test.git + revision: HEAD + template: + metadata: + name: '{{.path.basename}}' + spec: + destination: + namespace: '{{.path.basename}}' + server: https://kubernetes.default.svc + project: default + source: + path: '{{.path.path}}' + repoURL: https://github.com/test/test.git + targetRevision: HEAD +` + +func newFakeAppsets(fakeAppsetYAML string) []argoappv1.ApplicationSet { + var results []argoappv1.ApplicationSet + + appsetRawYamls := strings.Split(fakeAppsetYAML, "---") + + for _, appsetRawYaml := range appsetRawYamls { + var appset argoappv1.ApplicationSet + err := yaml.Unmarshal([]byte(appsetRawYaml), &appset) + if err != nil { + panic(err) + } + + results = append(results, appset) + } + + return results +} + +func TestApplicationsetCollector(t *testing.T) { + appsetList := newFakeAppsets(fakeAppsetList) + client := initializeClient(appsetList) + metrics.Registry = prometheus.NewRegistry() + + appsetCollector := newAppsetCollector(utils.NewAppsetLister(client), collectedLabels, filter) + + metrics.Registry.MustRegister(appsetCollector) + req, err := http.NewRequest("GET", "/metrics", nil) + require.NoError(t, err) + rr := httptest.NewRecorder() + handler := promhttp.HandlerFor(metrics.Registry, promhttp.HandlerOpts{}) + handler.ServeHTTP(rr, req) + + assert.Equal(t, http.StatusOK, rr.Code) + // Test correct appset_info and owned applications + assert.Contains(t, rr.Body.String(), ` +argocd_appset_info{name="test1",namespace="argocd",resource_update_status="ApplicationSetUpToDate"} 1 +`) + assert.Contains(t, rr.Body.String(), ` +argocd_appset_owned_applications{name="test1",namespace="argocd"} 2 +`) + // Test labels collection - should not include labels not included in the list of collected labels and include the ones that do. + assert.Contains(t, rr.Body.String(), ` +argocd_appset_labels{label_included_test="test",name="test1",namespace="argocd"} 1 +`) + assert.NotContains(t, rr.Body.String(), normalizeLabel("not-included.label/test")) + // If collected label is not present on the applicationset the value should be empty + assert.Contains(t, rr.Body.String(), ` +argocd_appset_labels{label_included_test="",name="test2",namespace="argocd"} 1 +`) + // If ResourcesUpToDate condition is not present on the applicationset the status should be reported as 'Unknown' + assert.Contains(t, rr.Body.String(), ` +argocd_appset_info{name="test2",namespace="argocd",resource_update_status="Unknown"} 1 +`) + // If there are no resources on the applicationset the owned application gague should return 0 + assert.Contains(t, rr.Body.String(), ` +argocd_appset_owned_applications{name="test2",namespace="argocd"} 0 +`) + // Test that filter is working + assert.NotContains(t, rr.Body.String(), `name="should-be-filtered-out"`) +} + +func TestObserveReconcile(t *testing.T) { + appsetList := newFakeAppsets(fakeAppsetList) + client := initializeClient(appsetList) + metrics.Registry = prometheus.NewRegistry() + + appsetMetrics := NewApplicationsetMetrics(utils.NewAppsetLister(client), collectedLabels, filter) + + req, err := http.NewRequest("GET", "/metrics", nil) + require.NoError(t, err) + rr := httptest.NewRecorder() + handler := promhttp.HandlerFor(metrics.Registry, promhttp.HandlerOpts{}) + appsetMetrics.ObserveReconcile(&appsetList[0], 5*time.Second) + handler.ServeHTTP(rr, req) + assert.Contains(t, rr.Body.String(), ` +argocd_appset_reconcile_sum{name="test1",namespace="argocd"} 5 +`) + // If there are no resources on the applicationset the owned application gague should return 0 + assert.Contains(t, rr.Body.String(), ` +argocd_appset_reconcile_count{name="test1",namespace="argocd"} 1 +`) +} + +func initializeClient(appsets []argoappv1.ApplicationSet) ctrlclient.WithWatch { + scheme := runtime.NewScheme() + err := argoappv1.AddToScheme(scheme) + if err != nil { + panic(err) + } + + var clientObjects []ctrlclient.Object + + for _, appset := range appsets { + clientObjects = append(clientObjects, appset.DeepCopy()) + } + + return fake.NewClientBuilder().WithScheme(scheme).WithObjects(clientObjects...).Build() +} + +func normalizeLabel(label string) string { + return metricsutil.NormalizeLabels("label", []string{label})[0] +} diff --git a/applicationset/services/internal/github_app/client.go b/applicationset/services/internal/github_app/client.go index bad6e828aa5c6..742b2bc001383 100644 --- a/applicationset/services/internal/github_app/client.go +++ b/applicationset/services/internal/github_app/client.go @@ -5,7 +5,7 @@ import ( "net/http" "github.com/bradleyfalzon/ghinstallation/v2" - "github.com/google/go-github/v35/github" + "github.com/google/go-github/v63/github" "github.com/argoproj/argo-cd/v2/applicationset/services/github_app_auth" ) @@ -26,7 +26,7 @@ func Client(g github_app_auth.Authentication, url string) (*github.Client, error } else { rt.BaseURL = url httpClient := http.Client{Transport: rt} - client, err = github.NewEnterpriseClient(url, url, &httpClient) + client, err = github.NewClient(&httpClient).WithEnterpriseURLs(url, url) if err != nil { return nil, fmt.Errorf("failed to create github enterprise client: %w", err) } diff --git a/applicationset/services/mocks/Repos.go b/applicationset/services/mocks/Repos.go index 7daf3cccc7aab..2bc9be358c379 100644 --- a/applicationset/services/mocks/Repos.go +++ b/applicationset/services/mocks/Repos.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.40.2. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/applicationset/services/pull_request/azure_devops.go b/applicationset/services/pull_request/azure_devops.go index 8e83d01221a44..ff3cfede5c8a9 100644 --- a/applicationset/services/pull_request/azure_devops.go +++ b/applicationset/services/pull_request/azure_devops.go @@ -95,9 +95,11 @@ func (a *AzureDevOpsService) List(ctx context.Context) ([]*PullRequest, error) { if *pr.Repository.Name == a.repo { pullRequests = append(pullRequests, &PullRequest{ Number: *pr.PullRequestId, + Title: *pr.Title, Branch: strings.Replace(*pr.SourceRefName, "refs/heads/", "", 1), HeadSHA: *pr.LastMergeSourceCommit.CommitId, Labels: azureDevOpsLabels, + Author: strings.Split(*pr.CreatedBy.UniqueName, "@")[0], // Get the part before the @ in the email-address }) } } diff --git a/applicationset/services/pull_request/azure_devops_test.go b/applicationset/services/pull_request/azure_devops_test.go index 5c6f344bc5f29..50f9f7511e0ff 100644 --- a/applicationset/services/pull_request/azure_devops_test.go +++ b/applicationset/services/pull_request/azure_devops_test.go @@ -4,6 +4,8 @@ import ( "context" "testing" + "github.com/microsoft/azure-devops-go-api/azuredevops/webapi" + "github.com/microsoft/azure-devops-go-api/azuredevops/core" git "github.com/microsoft/azure-devops-go-api/azuredevops/git" "github.com/stretchr/testify/assert" @@ -29,6 +31,10 @@ func createLabelsPtr(x []core.WebApiTagDefinition) *[]core.WebApiTagDefinition { return &x } +func createUniqueNamePtr(x string) *string { + return &x +} + type AzureClientFactoryMock struct { mock *mock.Mock } @@ -56,12 +62,15 @@ func TestListPullRequest(t *testing.T) { teamProject := "myorg_project" repoName := "myorg_project_repo" pr_id := 123 + pr_title := "feat(123)" pr_head_sha := "cd4973d9d14a08ffe6b641a89a68891d6aac8056" ctx := context.Background() + uniqueName := "testName" pullRequestMock := []git.GitPullRequest{ { PullRequestId: createIntPtr(pr_id), + Title: createStringPtr(pr_title), SourceRefName: createStringPtr("refs/heads/feature-branch"), LastMergeSourceCommit: &git.GitCommitRef{ CommitId: createStringPtr(pr_head_sha), @@ -70,6 +79,9 @@ func TestListPullRequest(t *testing.T) { Repository: &git.GitRepository{ Name: createStringPtr(repoName), }, + CreatedBy: &webapi.IdentityRef{ + UniqueName: createUniqueNamePtr(uniqueName + "@example.com"), + }, }, } @@ -95,7 +107,9 @@ func TestListPullRequest(t *testing.T) { assert.Len(t, list, 1) assert.Equal(t, "feature-branch", list[0].Branch) assert.Equal(t, pr_head_sha, list[0].HeadSHA) + assert.Equal(t, "feat(123)", list[0].Title) assert.Equal(t, pr_id, list[0].Number) + assert.Equal(t, uniqueName, list[0].Author) } func TestConvertLabes(t *testing.T) { diff --git a/applicationset/services/pull_request/bitbucket_cloud.go b/applicationset/services/pull_request/bitbucket_cloud.go index 88efafe15bee1..2ee79d2cfabee 100644 --- a/applicationset/services/pull_request/bitbucket_cloud.go +++ b/applicationset/services/pull_request/bitbucket_cloud.go @@ -17,7 +17,9 @@ type BitbucketCloudService struct { type BitbucketCloudPullRequest struct { ID int `json:"id"` + Title string `json:"title"` Source BitbucketCloudPullRequestSource `json:"source"` + Author BitbucketCloudPullRequestAuthor `json:"author"` } type BitbucketCloudPullRequestSource struct { @@ -33,6 +35,11 @@ type BitbucketCloudPullRequestSourceCommit struct { Hash string `json:"hash"` } +// Also have display_name and uuid, but don't plan to use them. +type BitbucketCloudPullRequestAuthor struct { + Nickname string `json:"nickname"` +} + type PullRequestResponse struct { Page int32 `json:"page"` Size int32 `json:"size"` @@ -129,8 +136,10 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error) for _, pull := range pulls { pullRequests = append(pullRequests, &PullRequest{ Number: pull.ID, + Title: pull.Title, Branch: pull.Source.Branch.Name, HeadSHA: pull.Source.Commit.Hash, + Author: pull.Author.Nickname, }) } diff --git a/applicationset/services/pull_request/bitbucket_cloud_test.go b/applicationset/services/pull_request/bitbucket_cloud_test.go index cbadc26b16733..77cca79a8019f 100644 --- a/applicationset/services/pull_request/bitbucket_cloud_test.go +++ b/applicationset/services/pull_request/bitbucket_cloud_test.go @@ -27,6 +27,7 @@ func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request) "values": [ { "id": 101, + "title": "feat(foo-bar)", "source": { "branch": { "name": "feature/foo-bar" @@ -35,6 +36,9 @@ func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request) "type": "commit", "hash": "1a8dd249c04a" } + }, + "author": { + "nickname": "testName" } } ] @@ -86,8 +90,10 @@ func TestListPullRequestBearerTokenCloud(t *testing.T) { require.NoError(t, err) assert.Len(t, pullRequests, 1) assert.Equal(t, 101, pullRequests[0].Number) + assert.Equal(t, "feat(foo-bar)", pullRequests[0].Title) assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) + assert.Equal(t, "testName", pullRequests[0].Author) } func TestListPullRequestNoAuthCloud(t *testing.T) { @@ -102,8 +108,10 @@ func TestListPullRequestNoAuthCloud(t *testing.T) { require.NoError(t, err) assert.Len(t, pullRequests, 1) assert.Equal(t, 101, pullRequests[0].Number) + assert.Equal(t, "feat(foo-bar)", pullRequests[0].Title) assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) + assert.Equal(t, "testName", pullRequests[0].Author) } func TestListPullRequestBasicAuthCloud(t *testing.T) { @@ -118,8 +126,10 @@ func TestListPullRequestBasicAuthCloud(t *testing.T) { require.NoError(t, err) assert.Len(t, pullRequests, 1) assert.Equal(t, 101, pullRequests[0].Number) + assert.Equal(t, "feat(foo-bar)", pullRequests[0].Title) assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) + assert.Equal(t, "testName", pullRequests[0].Author) } func TestListPullRequestPaginationCloud(t *testing.T) { @@ -136,6 +146,7 @@ func TestListPullRequestPaginationCloud(t *testing.T) { "values": [ { "id": 101, + "title": "feat(101)", "source": { "branch": { "name": "feature-101" @@ -144,10 +155,14 @@ func TestListPullRequestPaginationCloud(t *testing.T) { "type": "commit", "hash": "1a8dd249c04a" } + }, + "author": { + "nickname": "testName" } }, { "id": 102, + "title": "feat(102)", "source": { "branch": { "name": "feature-102" @@ -156,6 +171,9 @@ func TestListPullRequestPaginationCloud(t *testing.T) { "type": "commit", "hash": "4cf807e67a6d" } + }, + "author": { + "nickname": "testName" } } ] @@ -169,6 +187,7 @@ func TestListPullRequestPaginationCloud(t *testing.T) { "values": [ { "id": 103, + "title": "feat(103)", "source": { "branch": { "name": "feature-103" @@ -177,6 +196,9 @@ func TestListPullRequestPaginationCloud(t *testing.T) { "type": "commit", "hash": "6344d9623e3b" } + }, + "author": { + "nickname": "testName" } } ] @@ -196,18 +218,24 @@ func TestListPullRequestPaginationCloud(t *testing.T) { assert.Len(t, pullRequests, 3) assert.Equal(t, PullRequest{ Number: 101, + Title: "feat(101)", Branch: "feature-101", HeadSHA: "1a8dd249c04a", + Author: "testName", }, *pullRequests[0]) assert.Equal(t, PullRequest{ Number: 102, + Title: "feat(102)", Branch: "feature-102", HeadSHA: "4cf807e67a6d", + Author: "testName", }, *pullRequests[1]) assert.Equal(t, PullRequest{ Number: 103, + Title: "feat(103)", Branch: "feature-103", HeadSHA: "6344d9623e3b", + Author: "testName", }, *pullRequests[2]) } @@ -309,6 +337,7 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { "values": [ { "id": 101, + "title": "feat(101)", "source": { "branch": { "name": "feature-101" @@ -317,10 +346,14 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { "type": "commit", "hash": "1a8dd249c04a" } + }, + "author": { + "nickname": "testName" } }, { "id": 200, + "title": "feat(200)", "source": { "branch": { "name": "feature-200" @@ -329,6 +362,9 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { "type": "commit", "hash": "4cf807e67a6d" } + }, + "author": { + "nickname": "testName" } } ] @@ -342,6 +378,7 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { "values": [ { "id": 102, + "title": "feat(102)", "source": { "branch": { "name": "feature-102" @@ -350,6 +387,9 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { "type": "commit", "hash": "6344d9623e3b" } + }, + "author": { + "nickname": "testName" } } ] @@ -374,13 +414,17 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { assert.Len(t, pullRequests, 2) assert.Equal(t, PullRequest{ Number: 101, + Title: "feat(101)", Branch: "feature-101", HeadSHA: "1a8dd249c04a", + Author: "testName", }, *pullRequests[0]) assert.Equal(t, PullRequest{ Number: 102, + Title: "feat(102)", Branch: "feature-102", HeadSHA: "6344d9623e3b", + Author: "testName", }, *pullRequests[1]) regexp = `.*2$` @@ -395,8 +439,10 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { assert.Len(t, pullRequests, 1) assert.Equal(t, PullRequest{ Number: 102, + Title: "feat(102)", Branch: "feature-102", HeadSHA: "6344d9623e3b", + Author: "testName", }, *pullRequests[0]) regexp = `[\d{2}` diff --git a/applicationset/services/pull_request/bitbucket_server.go b/applicationset/services/pull_request/bitbucket_server.go index 22c78f5323418..1f2be70edb428 100644 --- a/applicationset/services/pull_request/bitbucket_server.go +++ b/applicationset/services/pull_request/bitbucket_server.go @@ -3,6 +3,7 @@ package pull_request import ( "context" "fmt" + "net/http" bitbucketv1 "github.com/gfleury/go-bitbucket-v1" log "github.com/sirupsen/logrus" @@ -20,7 +21,7 @@ type BitbucketService struct { var _ PullRequestService = (*BitbucketService)(nil) -func NewBitbucketServiceBasicAuth(ctx context.Context, username, password, url, projectKey, repositorySlug string) (PullRequestService, error) { +func NewBitbucketServiceBasicAuth(ctx context.Context, username, password, url, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) { bitbucketConfig := bitbucketv1.NewConfiguration(url) // Avoid the XSRF check bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check") @@ -30,15 +31,29 @@ func NewBitbucketServiceBasicAuth(ctx context.Context, username, password, url, UserName: username, Password: password, }) - return newBitbucketService(ctx, bitbucketConfig, projectKey, repositorySlug) + return newBitbucketService(ctx, bitbucketConfig, projectKey, repositorySlug, scmRootCAPath, insecure, caCerts) } -func NewBitbucketServiceNoAuth(ctx context.Context, url, projectKey, repositorySlug string) (PullRequestService, error) { - return newBitbucketService(ctx, bitbucketv1.NewConfiguration(url), projectKey, repositorySlug) +func NewBitbucketServiceBearerToken(ctx context.Context, bearerToken, url, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) { + bitbucketConfig := bitbucketv1.NewConfiguration(url) + // Avoid the XSRF check + bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check") + bitbucketConfig.AddDefaultHeader("x-requested-with", "XMLHttpRequest") + + ctx = context.WithValue(ctx, bitbucketv1.ContextAccessToken, bearerToken) + return newBitbucketService(ctx, bitbucketConfig, projectKey, repositorySlug, scmRootCAPath, insecure, caCerts) +} + +func NewBitbucketServiceNoAuth(ctx context.Context, url, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) { + return newBitbucketService(ctx, bitbucketv1.NewConfiguration(url), projectKey, repositorySlug, scmRootCAPath, insecure, caCerts) } -func newBitbucketService(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey, repositorySlug string) (PullRequestService, error) { +func newBitbucketService(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) { bitbucketConfig.BasePath = utils.NormalizeBitbucketBasePath(bitbucketConfig.BasePath) + tlsConfig := utils.GetTlsConfig(scmRootCAPath, insecure, caCerts) + bitbucketConfig.HTTPClient = &http.Client{Transport: &http.Transport{ + TLSClientConfig: tlsConfig, + }} bitbucketClient := bitbucketv1.NewAPIClient(ctx, bitbucketConfig) return &BitbucketService{ @@ -68,10 +83,12 @@ func (b *BitbucketService) List(_ context.Context) ([]*PullRequest, error) { for _, pull := range pulls { pullRequests = append(pullRequests, &PullRequest{ Number: pull.ID, + Title: pull.Title, Branch: pull.FromRef.DisplayID, // ID: refs/heads/main DisplayID: main TargetBranch: pull.ToRef.DisplayID, HeadSHA: pull.FromRef.LatestCommit, // This is not defined in the official docs, but works in practice Labels: []string{}, // Not supported by library + Author: pull.Author.User.Name, }) } diff --git a/applicationset/services/pull_request/bitbucket_server_test.go b/applicationset/services/pull_request/bitbucket_server_test.go index cc3f6863205d6..3c9fe1ddd504e 100644 --- a/applicationset/services/pull_request/bitbucket_server_test.go +++ b/applicationset/services/pull_request/bitbucket_server_test.go @@ -2,6 +2,8 @@ package pull_request import ( "context" + "crypto/x509" + "encoding/pem" "io" "net/http" "net/http/httptest" @@ -26,6 +28,7 @@ func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { "values": [ { "id": 101, + "title": "feat(ABC) : 123", "toRef": { "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", "displayId": "master", @@ -35,6 +38,11 @@ func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { "id": "refs/heads/feature-ABC-123", "displayId": "feature-ABC-123", "latestCommit": "cb3cf2e4d1517c83e720d2585b9402dbef71f992" + }, + "author": { + "user": { + "name": "testName" + } } } ], @@ -55,15 +63,17 @@ func TestListPullRequestNoAuth(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") + svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil) require.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) require.NoError(t, err) assert.Len(t, pullRequests, 1) assert.Equal(t, 101, pullRequests[0].Number) + assert.Equal(t, "feat(ABC) : 123", pullRequests[0].Title) assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch) assert.Equal(t, "master", pullRequests[0].TargetBranch) assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA) + assert.Equal(t, "testName", pullRequests[0].Author) } func TestListPullRequestPagination(t *testing.T) { @@ -79,6 +89,7 @@ func TestListPullRequestPagination(t *testing.T) { "values": [ { "id": 101, + "title": "feat(101)", "toRef": { "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", "displayId": "master", @@ -88,10 +99,16 @@ func TestListPullRequestPagination(t *testing.T) { "id": "refs/heads/feature-101", "displayId": "feature-101", "latestCommit": "ab3cf2e4d1517c83e720d2585b9402dbef71f992" + }, + "author": { + "user": { + "name": "testName" + } } }, { "id": 102, + "title": "feat(102)", "toRef": { "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", "displayId": "branch", @@ -101,6 +118,11 @@ func TestListPullRequestPagination(t *testing.T) { "id": "refs/heads/feature-102", "displayId": "feature-102", "latestCommit": "bb3cf2e4d1517c83e720d2585b9402dbef71f992" + }, + "author": { + "user": { + "name": "testName" + } } } ], @@ -114,6 +136,7 @@ func TestListPullRequestPagination(t *testing.T) { "values": [ { "id": 200, + "title": "feat(200)", "toRef": { "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", "displayId": "master", @@ -123,6 +146,11 @@ func TestListPullRequestPagination(t *testing.T) { "id": "refs/heads/feature-200", "displayId": "feature-200", "latestCommit": "cb3cf2e4d1517c83e720d2585b9402dbef71f992" + }, + "author": { + "user": { + "name": "testName" + } } } ], @@ -136,31 +164,37 @@ func TestListPullRequestPagination(t *testing.T) { } })) defer ts.Close() - svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") + svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil) require.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) require.NoError(t, err) assert.Len(t, pullRequests, 3) assert.Equal(t, PullRequest{ Number: 101, + Title: "feat(101)", Branch: "feature-101", TargetBranch: "master", HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", Labels: []string{}, + Author: "testName", }, *pullRequests[0]) assert.Equal(t, PullRequest{ Number: 102, + Title: "feat(102)", Branch: "feature-102", TargetBranch: "branch", HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", Labels: []string{}, + Author: "testName", }, *pullRequests[1]) assert.Equal(t, PullRequest{ Number: 200, + Title: "feat(200)", Branch: "feature-200", TargetBranch: "master", HeadSHA: "cb3cf2e4d1517c83e720d2585b9402dbef71f992", Labels: []string{}, + Author: "testName", }, *pullRequests[2]) } @@ -172,7 +206,7 @@ func TestListPullRequestBasicAuth(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO") + svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO", "", false, nil) require.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) require.NoError(t, err) @@ -182,12 +216,97 @@ func TestListPullRequestBasicAuth(t *testing.T) { assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA) } +func TestListPullRequestBearerAuth(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "Bearer tolkien", r.Header.Get("Authorization")) + assert.Equal(t, "no-check", r.Header.Get("X-Atlassian-Token")) + defaultHandler(t)(w, r) + })) + defer ts.Close() + svc, err := NewBitbucketServiceBearerToken(context.Background(), "tolkien", ts.URL, "PROJECT", "REPO", "", false, nil) + require.NoError(t, err) + pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + require.NoError(t, err) + assert.Len(t, pullRequests, 1) + assert.Equal(t, 101, pullRequests[0].Number) + assert.Equal(t, "feat(ABC) : 123", pullRequests[0].Title) + assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch) + assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA) +} + +func TestListPullRequestTLS(t *testing.T) { + tests := []struct { + name string + tlsInsecure bool + passCerts bool + requireErr bool + }{ + { + name: "TLS Insecure: true, No Certs", + tlsInsecure: true, + passCerts: false, + requireErr: false, + }, + { + name: "TLS Insecure: true, With Certs", + tlsInsecure: true, + passCerts: true, + requireErr: false, + }, + { + name: "TLS Insecure: false, With Certs", + tlsInsecure: false, + passCerts: true, + requireErr: false, + }, + { + name: "TLS Insecure: false, No Certs", + tlsInsecure: false, + passCerts: false, + requireErr: true, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + defaultHandler(t)(w, r) + })) + defer ts.Close() + + var certs []byte + if test.passCerts == true { + for _, cert := range ts.TLS.Certificates { + for _, c := range cert.Certificate { + parsedCert, err := x509.ParseCertificate(c) + require.NoError(t, err, "Failed to parse certificate") + certs = append(certs, pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: parsedCert.Raw, + })...) + } + } + } + + svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO", "", test.tlsInsecure, certs) + require.NoError(t, err) + _, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) + if test.requireErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + }) + } +} + func TestListResponseError(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusInternalServerError) })) defer ts.Close() - svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") + svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil) _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) require.Error(t, err) } @@ -212,7 +331,7 @@ func TestListResponseMalformed(t *testing.T) { } })) defer ts.Close() - svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") + svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil) _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) require.Error(t, err) } @@ -237,7 +356,7 @@ func TestListResponseEmpty(t *testing.T) { } })) defer ts.Close() - svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") + svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil) require.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) require.NoError(t, err) @@ -257,6 +376,7 @@ func TestListPullRequestBranchMatch(t *testing.T) { "values": [ { "id": 101, + "title": "feat(101)", "toRef": { "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", "displayId": "master", @@ -266,10 +386,16 @@ func TestListPullRequestBranchMatch(t *testing.T) { "id": "refs/heads/feature-101", "displayId": "feature-101", "latestCommit": "ab3cf2e4d1517c83e720d2585b9402dbef71f992" + }, + "author": { + "user": { + "name": "testName" + } } }, { "id": 102, + "title": "feat(102)", "toRef": { "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", "displayId": "branch", @@ -279,6 +405,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { "id": "refs/heads/feature-102", "displayId": "feature-102", "latestCommit": "bb3cf2e4d1517c83e720d2585b9402dbef71f992" + }, + "author": { + "user": { + "name": "testName" + } } } ], @@ -292,6 +423,7 @@ func TestListPullRequestBranchMatch(t *testing.T) { "values": [ { "id": 200, + "title": "feat(200)", "toRef": { "latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a", "displayId": "master", @@ -301,6 +433,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { "id": "refs/heads/feature-200", "displayId": "feature-200", "latestCommit": "cb3cf2e4d1517c83e720d2585b9402dbef71f992" + }, + "author": { + "user": { + "name": "testName" + } } } ], @@ -315,7 +452,7 @@ func TestListPullRequestBranchMatch(t *testing.T) { })) defer ts.Close() regexp := `feature-1[\d]{2}` - svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") + svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil) require.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { @@ -326,21 +463,25 @@ func TestListPullRequestBranchMatch(t *testing.T) { assert.Len(t, pullRequests, 2) assert.Equal(t, PullRequest{ Number: 101, + Title: "feat(101)", Branch: "feature-101", TargetBranch: "master", HeadSHA: "ab3cf2e4d1517c83e720d2585b9402dbef71f992", Labels: []string{}, + Author: "testName", }, *pullRequests[0]) assert.Equal(t, PullRequest{ Number: 102, + Title: "feat(102)", Branch: "feature-102", TargetBranch: "branch", HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", Labels: []string{}, + Author: "testName", }, *pullRequests[1]) regexp = `.*2$` - svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") + svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil) require.NoError(t, err) pullRequests, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { @@ -351,14 +492,16 @@ func TestListPullRequestBranchMatch(t *testing.T) { assert.Len(t, pullRequests, 1) assert.Equal(t, PullRequest{ Number: 102, + Title: "feat(102)", Branch: "feature-102", TargetBranch: "branch", HeadSHA: "bb3cf2e4d1517c83e720d2585b9402dbef71f992", Labels: []string{}, + Author: "testName", }, *pullRequests[0]) regexp = `[\d{2}` - svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") + svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil) require.NoError(t, err) _, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { diff --git a/applicationset/services/pull_request/gitea.go b/applicationset/services/pull_request/gitea.go index ff385ff281c6d..5f32e4dc307cf 100644 --- a/applicationset/services/pull_request/gitea.go +++ b/applicationset/services/pull_request/gitea.go @@ -57,10 +57,12 @@ func (g *GiteaService) List(ctx context.Context) ([]*PullRequest, error) { for _, pr := range prs { list = append(list, &PullRequest{ Number: int(pr.Index), + Title: pr.Title, Branch: pr.Head.Ref, TargetBranch: pr.Base.Ref, HeadSHA: pr.Head.Sha, Labels: getGiteaPRLabelNames(pr.Labels), + Author: pr.Poster.UserName, }) } return list, nil diff --git a/applicationset/services/pull_request/gitea_test.go b/applicationset/services/pull_request/gitea_test.go index 0e55d2376179e..fbb0fb15aa4ce 100644 --- a/applicationset/services/pull_request/gitea_test.go +++ b/applicationset/services/pull_request/gitea_test.go @@ -256,9 +256,11 @@ func TestGiteaList(t *testing.T) { require.NoError(t, err) assert.Len(t, prs, 1) assert.Equal(t, 1, prs[0].Number) + assert.Equal(t, "add an empty file", prs[0].Title) assert.Equal(t, "test", prs[0].Branch) assert.Equal(t, "main", prs[0].TargetBranch) assert.Equal(t, "7bbaf62d92ddfafd9cc8b340c619abaec32bc09f", prs[0].HeadSHA) + assert.Equal(t, "graytshirt", prs[0].Author) } func TestGetGiteaPRLabelNames(t *testing.T) { diff --git a/applicationset/services/pull_request/github.go b/applicationset/services/pull_request/github.go index 7c801e7370f53..b63f2a9de6a8e 100644 --- a/applicationset/services/pull_request/github.go +++ b/applicationset/services/pull_request/github.go @@ -5,7 +5,7 @@ import ( "fmt" "os" - "github.com/google/go-github/v35/github" + "github.com/google/go-github/v63/github" "golang.org/x/oauth2" ) @@ -35,7 +35,7 @@ func NewGithubService(ctx context.Context, token, url, owner, repo string, label client = github.NewClient(httpClient) } else { var err error - client, err = github.NewEnterpriseClient(url, url, httpClient) + client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url) if err != nil { return nil, err } @@ -66,10 +66,12 @@ func (g *GithubService) List(ctx context.Context) ([]*PullRequest, error) { } pullRequests = append(pullRequests, &PullRequest{ Number: *pull.Number, + Title: *pull.Title, Branch: *pull.Head.Ref, TargetBranch: *pull.Base.Ref, HeadSHA: *pull.Head.SHA, Labels: getGithubPRLabelNames(pull.Labels), + Author: *pull.User.Login, }) } if resp.NextPage == 0 { diff --git a/applicationset/services/pull_request/github_test.go b/applicationset/services/pull_request/github_test.go index c47031acb7e31..30b908f9fb1b6 100644 --- a/applicationset/services/pull_request/github_test.go +++ b/applicationset/services/pull_request/github_test.go @@ -3,7 +3,7 @@ package pull_request import ( "testing" - "github.com/google/go-github/v35/github" + "github.com/google/go-github/v63/github" "github.com/stretchr/testify/assert" ) diff --git a/applicationset/services/pull_request/gitlab.go b/applicationset/services/pull_request/gitlab.go index 7f88c4a230706..c4e49881a4393 100644 --- a/applicationset/services/pull_request/gitlab.go +++ b/applicationset/services/pull_request/gitlab.go @@ -21,7 +21,7 @@ type GitLabService struct { var _ PullRequestService = (*GitLabService)(nil) -func NewGitLabService(ctx context.Context, token, url, project string, labels []string, pullRequestState string, scmRootCAPath string, insecure bool) (PullRequestService, error) { +func NewGitLabService(ctx context.Context, token, url, project string, labels []string, pullRequestState string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) { var clientOptionFns []gitlab.ClientOptionFunc // Set a custom Gitlab base URL if one is provided @@ -34,7 +34,7 @@ func NewGitLabService(ctx context.Context, token, url, project string, labels [] } tr := http.DefaultTransport.(*http.Transport).Clone() - tr.TLSClientConfig = utils.GetTlsConfig(scmRootCAPath, insecure) + tr.TLSClientConfig = utils.GetTlsConfig(scmRootCAPath, insecure, caCerts) retryClient := retryablehttp.NewClient() retryClient.HTTPClient.Transport = tr @@ -56,11 +56,11 @@ func NewGitLabService(ctx context.Context, token, url, project string, labels [] func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) { // Filter the merge requests on labels, if they are specified. - var labels *gitlab.Labels + var labels *gitlab.LabelOptions if len(g.labels) > 0 { - labels = (*gitlab.Labels)(&g.labels) + var labelsList gitlab.LabelOptions = g.labels + labels = &labelsList } - opts := &gitlab.ListProjectMergeRequestsOptions{ ListOptions: gitlab.ListOptions{ PerPage: 100, @@ -81,10 +81,12 @@ func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) { for _, mr := range mrs { pullRequests = append(pullRequests, &PullRequest{ Number: mr.IID, + Title: mr.Title, Branch: mr.SourceBranch, TargetBranch: mr.TargetBranch, HeadSHA: mr.SHA, Labels: mr.Labels, + Author: mr.Author.Username, }) } if resp.NextPage == 0 { diff --git a/applicationset/services/pull_request/gitlab_test.go b/applicationset/services/pull_request/gitlab_test.go index cc8eed7bea102..f9e845595e224 100644 --- a/applicationset/services/pull_request/gitlab_test.go +++ b/applicationset/services/pull_request/gitlab_test.go @@ -2,6 +2,8 @@ package pull_request import ( "context" + "crypto/x509" + "encoding/pem" "io" "net/http" "net/http/httptest" @@ -35,7 +37,7 @@ func TestGitLabServiceCustomBaseURL(t *testing.T) { writeMRListResponse(t, w) }) - svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", nil, "", "", false) + svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", nil, "", "", false, nil) require.NoError(t, err) _, err = svc.List(context.Background()) @@ -54,7 +56,7 @@ func TestGitLabServiceToken(t *testing.T) { writeMRListResponse(t, w) }) - svc, err := NewGitLabService(context.Background(), "token-123", server.URL, "278964", nil, "", "", false) + svc, err := NewGitLabService(context.Background(), "token-123", server.URL, "278964", nil, "", "", false, nil) require.NoError(t, err) _, err = svc.List(context.Background()) @@ -73,16 +75,18 @@ func TestList(t *testing.T) { writeMRListResponse(t, w) }) - svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "", "", false) + svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "", "", false, nil) require.NoError(t, err) prs, err := svc.List(context.Background()) require.NoError(t, err) assert.Len(t, prs, 1) assert.Equal(t, 15442, prs[0].Number) + assert.Equal(t, "Draft: Use structured logging for DB load balancer", prs[0].Title) assert.Equal(t, "use-structured-logging-for-db-load-balancer", prs[0].Branch) assert.Equal(t, "master", prs[0].TargetBranch) assert.Equal(t, "2fc4e8b972ff3208ec63b6143e34ad67ff343ad7", prs[0].HeadSHA) + assert.Equal(t, "hfyngvason", prs[0].Author) } func TestListWithLabels(t *testing.T) { @@ -97,7 +101,7 @@ func TestListWithLabels(t *testing.T) { writeMRListResponse(t, w) }) - svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{"feature", "ready"}, "", "", false) + svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{"feature", "ready"}, "", "", false, nil) require.NoError(t, err) _, err = svc.List(context.Background()) @@ -116,9 +120,77 @@ func TestListWithState(t *testing.T) { writeMRListResponse(t, w) }) - svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "opened", "", false) + svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "opened", "", false, nil) require.NoError(t, err) _, err = svc.List(context.Background()) require.NoError(t, err) } + +func TestListWithStateTLS(t *testing.T) { + tests := []struct { + name string + tlsInsecure bool + passCerts bool + requireErr bool + }{ + { + name: "TLS Insecure: true, No Certs", + tlsInsecure: true, + passCerts: false, + requireErr: false, + }, + { + name: "TLS Insecure: true, With Certs", + tlsInsecure: true, + passCerts: true, + requireErr: false, + }, + { + name: "TLS Insecure: false, With Certs", + tlsInsecure: false, + passCerts: true, + requireErr: false, + }, + { + name: "TLS Insecure: false, No Certs", + tlsInsecure: false, + passCerts: false, + requireErr: true, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + writeMRListResponse(t, w) + })) + defer ts.Close() + + var certs []byte + if test.passCerts == true { + for _, cert := range ts.TLS.Certificates { + for _, c := range cert.Certificate { + parsedCert, err := x509.ParseCertificate(c) + require.NoError(t, err, "Failed to parse certificate") + certs = append(certs, pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: parsedCert.Raw, + })...) + } + } + } + + svc, err := NewGitLabService(context.Background(), "", ts.URL, "278964", []string{}, "opened", "", test.tlsInsecure, certs) + require.NoError(t, err) + + _, err = svc.List(context.Background()) + if test.requireErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + }) + } +} diff --git a/applicationset/services/pull_request/interface.go b/applicationset/services/pull_request/interface.go index 0015cfe5eafa6..07637b3f95973 100644 --- a/applicationset/services/pull_request/interface.go +++ b/applicationset/services/pull_request/interface.go @@ -8,6 +8,8 @@ import ( type PullRequest struct { // Number is a number that will be the ID of the pull request. Number int + // Title of the pull request. + Title string // Branch is the name of the branch from which the pull request originated. Branch string // TargetBranch is the name of the target branch of the pull request. @@ -16,6 +18,8 @@ type PullRequest struct { HeadSHA string // Labels of the pull request. Labels []string + // Author is the author of the pull request. + Author string } type PullRequestService interface { diff --git a/applicationset/services/pull_request/utils_test.go b/applicationset/services/pull_request/utils_test.go index a352348d40588..1c74ae4b66b01 100644 --- a/applicationset/services/pull_request/utils_test.go +++ b/applicationset/services/pull_request/utils_test.go @@ -20,9 +20,11 @@ func TestFilterBranchMatchBadRegexp(t *testing.T) { []*PullRequest{ { Number: 1, + Title: "PR branch1", Branch: "branch1", TargetBranch: "master", HeadSHA: "089d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name1", }, }, nil, @@ -42,27 +44,35 @@ func TestFilterBranchMatch(t *testing.T) { []*PullRequest{ { Number: 1, + Title: "PR one", Branch: "one", TargetBranch: "master", HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name1", }, { Number: 2, + Title: "PR two", Branch: "two", TargetBranch: "master", HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name2", }, { Number: 3, + Title: "PR three", Branch: "three", TargetBranch: "master", HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name3", }, { Number: 4, + Title: "PR four", Branch: "four", TargetBranch: "master", HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name4", }, }, nil, @@ -84,27 +94,35 @@ func TestFilterTargetBranchMatch(t *testing.T) { []*PullRequest{ { Number: 1, + Title: "PR one", Branch: "one", TargetBranch: "master", HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name1", }, { Number: 2, + Title: "PR two", Branch: "two", TargetBranch: "branch1", HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name2", }, { Number: 3, + Title: "PR three", Branch: "three", TargetBranch: "branch2", HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name3", }, { Number: 4, + Title: "PR four", Branch: "four", TargetBranch: "branch3", HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name4", }, }, nil, @@ -126,27 +144,35 @@ func TestMultiFilterOr(t *testing.T) { []*PullRequest{ { Number: 1, + Title: "PR one", Branch: "one", TargetBranch: "master", HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name1", }, { Number: 2, + Title: "PR two", Branch: "two", TargetBranch: "master", HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name2", }, { Number: 3, + Title: "PR three", Branch: "three", TargetBranch: "master", HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name3", }, { Number: 4, + Title: "PR four", Branch: "four", TargetBranch: "master", HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name4", }, }, nil, @@ -173,27 +199,35 @@ func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) { []*PullRequest{ { Number: 1, + Title: "PR one", Branch: "one", TargetBranch: "master", HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name1", }, { Number: 2, + Title: "PR two", Branch: "two", TargetBranch: "branch1", HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name2", }, { Number: 3, + Title: "PR three", Branch: "three", TargetBranch: "branch2", HeadSHA: "389d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name3", }, { Number: 4, + Title: "PR four", Branch: "four", TargetBranch: "branch3", HeadSHA: "489d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name4", }, }, nil, @@ -221,15 +255,19 @@ func TestNoFilters(t *testing.T) { []*PullRequest{ { Number: 1, + Title: "PR one", Branch: "one", TargetBranch: "master", HeadSHA: "189d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name1", }, { Number: 2, + Title: "PR two", Branch: "two", TargetBranch: "master", HeadSHA: "289d92cbf9ff857a39e6feccd32798ca700fb958", + Author: "name2", }, }, nil, diff --git a/applicationset/services/repo_service.go b/applicationset/services/repo_service.go index 1baad1f97ff2b..f415a9a6d1d7c 100644 --- a/applicationset/services/repo_service.go +++ b/applicationset/services/repo_service.go @@ -18,8 +18,6 @@ type argoCDService struct { newFileGlobbingEnabled bool } -//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=Repos - type Repos interface { // GetFiles returns content of files (not directories) within the target repo GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache, verifyCommit bool) (map[string][]byte, error) diff --git a/applicationset/services/repo_service_test.go b/applicationset/services/repo_service_test.go index dbce9843a1b23..c621c317a9f4f 100644 --- a/applicationset/services/repo_service_test.go +++ b/applicationset/services/repo_service_test.go @@ -191,6 +191,6 @@ func TestNewArgoCDService(t *testing.T) { service, err := NewArgoCDService(func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { return &v1alpha1.Repository{}, nil }, false, &repo_mocks.Clientset{}, false) - require.NoError(t, err, err) + require.NoError(t, err) assert.NotNil(t, service) } diff --git a/applicationset/services/scm_provider/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go b/applicationset/services/scm_provider/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go new file mode 100644 index 0000000000000..c50d8d217e77e --- /dev/null +++ b/applicationset/services/scm_provider/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go @@ -0,0 +1,180 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + codecommit "github.com/aws/aws-sdk-go/service/codecommit" + + mock "github.com/stretchr/testify/mock" + + request "github.com/aws/aws-sdk-go/aws/request" +) + +// AWSCodeCommitClient is an autogenerated mock type for the AWSCodeCommitClient type +type AWSCodeCommitClient struct { + mock.Mock +} + +// GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetFolderWithContext") + } + + var r0 *codecommit.GetFolderOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) *codecommit.GetFolderOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetFolderOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithContext") + } + + var r0 *codecommit.GetRepositoryOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) *codecommit.GetRepositoryOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetRepositoryOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListBranchesWithContext") + } + + var r0 *codecommit.ListBranchesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) *codecommit.ListBranchesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListBranchesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListRepositoriesWithContext") + } + + var r0 *codecommit.ListRepositoriesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) *codecommit.ListRepositoriesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListRepositoriesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSCodeCommitClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSCodeCommitClient { + mock := &AWSCodeCommitClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/scm_provider/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go b/applicationset/services/scm_provider/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go new file mode 100644 index 0000000000000..b5e9112df0511 --- /dev/null +++ b/applicationset/services/scm_provider/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go @@ -0,0 +1,68 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + request "github.com/aws/aws-sdk-go/aws/request" + mock "github.com/stretchr/testify/mock" + + resourcegroupstaggingapi "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" +) + +// AWSTaggingClient is an autogenerated mock type for the AWSTaggingClient type +type AWSTaggingClient struct { + mock.Mock +} + +// GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetResourcesWithContext") + } + + var r0 *resourcegroupstaggingapi.GetResourcesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) *resourcegroupstaggingapi.GetResourcesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*resourcegroupstaggingapi.GetResourcesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSTaggingClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSTaggingClient { + mock := &AWSTaggingClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/scm_provider/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go b/applicationset/services/scm_provider/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go new file mode 100644 index 0000000000000..902859672cd0e --- /dev/null +++ b/applicationset/services/scm_provider/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go @@ -0,0 +1,3335 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + core "github.com/microsoft/azure-devops-go-api/azuredevops/core" + git "github.com/microsoft/azure-devops-go-api/azuredevops/git" + + io "io" + + mock "github.com/stretchr/testify/mock" + + webapi "github.com/microsoft/azure-devops-go-api/azuredevops/webapi" +) + +// Client is an autogenerated mock type for the Client type +type Client struct { + mock.Mock +} + +// CreateAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachmentArgs) (*git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAttachment") + } + + var r0 *git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) (*git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) *git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAttachmentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCommitStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitStatusArgs) (*git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCommitStatus") + } + + var r0 *git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) (*git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) *git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommitStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// CreateMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePush provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeleteAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachmentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteAttachment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteAttachmentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteComment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteCommentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git.DeletePullRequestIterationStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestIterationStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestIterationStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePullRequestLabelsArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestLabels") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestLabelsArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeletePullRequestReviewerArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestReviewer") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestReviewerArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePullRequestStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavoriteArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRefFavorite") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRefFavoriteArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepositoryArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepository") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.DeleteRepositoryFromRecycleBinArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepositoryFromRecycleBin") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryFromRecycleBinArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// GetAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmentContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs) (*[]git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachments") + } + + var r0 *[]git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) (*[]git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) *[]git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlob provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlobRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlob") + } + + var r0 *git.GitBlobRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) (*git.GitBlobRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) *git.GitBlobRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBlobRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobsZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobsZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobsZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranch") + } + + var r0 *git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) (*git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) *git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranches provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[]git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranches") + } + + var r0 *[]git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) (*[]git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) *[]git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git.GitCommitChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetChanges") + } + + var r0 *git.GitCommitChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) (*git.GitCommitChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) *git.GitCommitChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPickForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPickForRefName") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[]git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComments") + } + + var r0 *[]git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) (*[]git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) *[]git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommit provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.GitCommit, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommit") + } + + var r0 *git.GitCommit + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) (*git.GitCommit, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) *git.GitCommit); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommit) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitDiffs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitDiffs") + } + + var r0 *git.GitCommitDiffs + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) *git.GitCommitDiffs); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitDiffs) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitDiffsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitsBatch") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetDeletedRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetDeletedRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetDeletedRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequests") + } + + var r0 *[]git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) *[]git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForks provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.GitRepositoryRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForks") + } + + var r0 *[]git.GitRepositoryRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) (*[]git.GitRepositoryRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) *[]git.GitRepositoryRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepositoryRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForksArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItem provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItem") + } + + var r0 *git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) (*git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) *git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemText provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemText") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemTextArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItems provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItems") + } + + var r0 *[]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) (*[]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) *[]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) (*[][]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemsBatch") + } + + var r0 *[][]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) (*[][]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) *[][]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[][]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetLikes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi.IdentityRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetLikes") + } + + var r0 *[]webapi.IdentityRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) (*[]webapi.IdentityRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) *[]webapi.IdentityRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.IdentityRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetLikesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeBases provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeBases") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeBasesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPolicyConfigurations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPolicyConfigurations") + } + + var r0 *git.GitPolicyConfigurationResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) *git.GitPolicyConfigurationResponse); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPolicyConfigurationResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPolicyConfigurationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestById provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequestByIdArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestById") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestByIdArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestCommits") + } + + var r0 *git.GetPullRequestCommitsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) *git.GetPullRequestCommitsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetPullRequestCommitsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIteration provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIteration") + } + + var r0 *git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) *git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationChanges") + } + + var r0 *git.GitPullRequestIterationChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) *git.GitPullRequestIterationChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIterationChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterations") + } + + var r0 *[]git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) *[]git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabels") + } + + var r0 *[]core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) *[]core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestQuery provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestQuery") + } + + var r0 *git.GitPullRequestQuery + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) *git.GitPullRequestQuery); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestQuery) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestQueryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestWorkItemRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestWorkItemRefs") + } + + var r0 *[]webapi.ResourceRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) *[]webapi.ResourceRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.ResourceRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequests") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestsByProject provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestsByProject") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsByProjectArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPush provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushes") + } + + var r0 *[]git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) (*[]git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) *[]git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRecycleBinRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRecycleBinRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRecycleBinRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorites provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorites") + } + + var r0 *[]git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) *[]git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoritesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRefsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefs") + } + + var r0 *git.GetRefsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) (*git.GetRefsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) *git.GetRefsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetRefsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesArgs) (*[]git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositories") + } + + var r0 *[]git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) (*[]git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) *[]git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithParent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetRepositoryWithParentArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithParent") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryWithParentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevertForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForRefNameArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevertForRefName") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[]git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetStatuses") + } + + var r0 *[]git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) (*[]git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) *[]git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetSuggestions provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs) (*[]git.GitSuggestion, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetSuggestions") + } + + var r0 *[]git.GitSuggestion + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) (*[]git.GitSuggestion, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) *[]git.GitSuggestion); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitSuggestion) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetSuggestionsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetThreads provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetThreads") + } + + var r0 *[]git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) *[]git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetThreadsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTree provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTreeRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTree") + } + + var r0 *git.GitTreeRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) (*git.GitTreeRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) *git.GitTreeRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitTreeRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTreeZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTreeZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// QueryImportRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for QueryImportRequests") + } + + var r0 *[]git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) *[]git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.QueryImportRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// RestoreRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for RestoreRepositoryFromRecycleBin") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// SharePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequestArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for SharePullRequest") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.SharePullRequestArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 git.UpdatePullRequestIterationStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestIterationStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestIterationStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.UpdatePullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.UpdatePullRequestReviewersArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestReviewers") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestReviewersArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdatePullRequestStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateRef provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.GitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRef") + } + + var r0 *git.GitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) (*git.GitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) *git.GitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRefs") + } + + var r0 *[]git.GitRefUpdateResult + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) *[]git.GitRefUpdateResult); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefUpdateResult) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClient(t interface { + mock.TestingT + Cleanup(func()) +}) *Client { + mock := &Client{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go index b9d6f6a5d5956..0595bc425a8fc 100644 --- a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go +++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.26.1. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks @@ -17,14 +17,6 @@ type AWSCodeCommitClient struct { mock.Mock } -type AWSCodeCommitClient_Expecter struct { - mock *mock.Mock -} - -func (_m *AWSCodeCommitClient) EXPECT() *AWSCodeCommitClient_Expecter { - return &AWSCodeCommitClient_Expecter{mock: &_m.Mock} -} - // GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2 func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) { _va := make([]interface{}, len(_a2)) @@ -36,6 +28,10 @@ func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *co _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetFolderWithContext") + } + var r0 *codecommit.GetFolderOutput var r1 error if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok { @@ -58,43 +54,6 @@ func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *co return r0, r1 } -// AWSCodeCommitClient_GetFolderWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetFolderWithContext' -type AWSCodeCommitClient_GetFolderWithContext_Call struct { - *mock.Call -} - -// GetFolderWithContext is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 *codecommit.GetFolderInput -// - _a2 ...request.Option -func (_e *AWSCodeCommitClient_Expecter) GetFolderWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_GetFolderWithContext_Call { - return &AWSCodeCommitClient_GetFolderWithContext_Call{Call: _e.mock.On("GetFolderWithContext", - append([]interface{}{_a0, _a1}, _a2...)...)} -} - -func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option)) *AWSCodeCommitClient_GetFolderWithContext_Call { - _c.Call.Run(func(args mock.Arguments) { - variadicArgs := make([]request.Option, len(args)-2) - for i, a := range args[2:] { - if a != nil { - variadicArgs[i] = a.(request.Option) - } - } - run(args[0].(context.Context), args[1].(*codecommit.GetFolderInput), variadicArgs...) - }) - return _c -} - -func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) Return(_a0 *codecommit.GetFolderOutput, _a1 error) *AWSCodeCommitClient_GetFolderWithContext_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)) *AWSCodeCommitClient_GetFolderWithContext_Call { - _c.Call.Return(run) - return _c -} - // GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2 func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) { _va := make([]interface{}, len(_a2)) @@ -106,6 +65,10 @@ func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithContext") + } + var r0 *codecommit.GetRepositoryOutput var r1 error if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok { @@ -128,43 +91,6 @@ func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 return r0, r1 } -// AWSCodeCommitClient_GetRepositoryWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetRepositoryWithContext' -type AWSCodeCommitClient_GetRepositoryWithContext_Call struct { - *mock.Call -} - -// GetRepositoryWithContext is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 *codecommit.GetRepositoryInput -// - _a2 ...request.Option -func (_e *AWSCodeCommitClient_Expecter) GetRepositoryWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_GetRepositoryWithContext_Call { - return &AWSCodeCommitClient_GetRepositoryWithContext_Call{Call: _e.mock.On("GetRepositoryWithContext", - append([]interface{}{_a0, _a1}, _a2...)...)} -} - -func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option)) *AWSCodeCommitClient_GetRepositoryWithContext_Call { - _c.Call.Run(func(args mock.Arguments) { - variadicArgs := make([]request.Option, len(args)-2) - for i, a := range args[2:] { - if a != nil { - variadicArgs[i] = a.(request.Option) - } - } - run(args[0].(context.Context), args[1].(*codecommit.GetRepositoryInput), variadicArgs...) - }) - return _c -} - -func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) Return(_a0 *codecommit.GetRepositoryOutput, _a1 error) *AWSCodeCommitClient_GetRepositoryWithContext_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)) *AWSCodeCommitClient_GetRepositoryWithContext_Call { - _c.Call.Return(run) - return _c -} - // ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2 func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) { _va := make([]interface{}, len(_a2)) @@ -176,6 +102,10 @@ func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for ListBranchesWithContext") + } + var r0 *codecommit.ListBranchesOutput var r1 error if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok { @@ -198,43 +128,6 @@ func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 return r0, r1 } -// AWSCodeCommitClient_ListBranchesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListBranchesWithContext' -type AWSCodeCommitClient_ListBranchesWithContext_Call struct { - *mock.Call -} - -// ListBranchesWithContext is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 *codecommit.ListBranchesInput -// - _a2 ...request.Option -func (_e *AWSCodeCommitClient_Expecter) ListBranchesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_ListBranchesWithContext_Call { - return &AWSCodeCommitClient_ListBranchesWithContext_Call{Call: _e.mock.On("ListBranchesWithContext", - append([]interface{}{_a0, _a1}, _a2...)...)} -} - -func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option)) *AWSCodeCommitClient_ListBranchesWithContext_Call { - _c.Call.Run(func(args mock.Arguments) { - variadicArgs := make([]request.Option, len(args)-2) - for i, a := range args[2:] { - if a != nil { - variadicArgs[i] = a.(request.Option) - } - } - run(args[0].(context.Context), args[1].(*codecommit.ListBranchesInput), variadicArgs...) - }) - return _c -} - -func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) Return(_a0 *codecommit.ListBranchesOutput, _a1 error) *AWSCodeCommitClient_ListBranchesWithContext_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)) *AWSCodeCommitClient_ListBranchesWithContext_Call { - _c.Call.Return(run) - return _c -} - // ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2 func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) { _va := make([]interface{}, len(_a2)) @@ -246,6 +139,10 @@ func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for ListRepositoriesWithContext") + } + var r0 *codecommit.ListRepositoriesOutput var r1 error if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok { @@ -268,50 +165,12 @@ func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, return r0, r1 } -// AWSCodeCommitClient_ListRepositoriesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListRepositoriesWithContext' -type AWSCodeCommitClient_ListRepositoriesWithContext_Call struct { - *mock.Call -} - -// ListRepositoriesWithContext is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 *codecommit.ListRepositoriesInput -// - _a2 ...request.Option -func (_e *AWSCodeCommitClient_Expecter) ListRepositoriesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { - return &AWSCodeCommitClient_ListRepositoriesWithContext_Call{Call: _e.mock.On("ListRepositoriesWithContext", - append([]interface{}{_a0, _a1}, _a2...)...)} -} - -func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option)) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { - _c.Call.Run(func(args mock.Arguments) { - variadicArgs := make([]request.Option, len(args)-2) - for i, a := range args[2:] { - if a != nil { - variadicArgs[i] = a.(request.Option) - } - } - run(args[0].(context.Context), args[1].(*codecommit.ListRepositoriesInput), variadicArgs...) - }) - return _c -} - -func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) Return(_a0 *codecommit.ListRepositoriesOutput, _a1 error) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)) *AWSCodeCommitClient_ListRepositoriesWithContext_Call { - _c.Call.Return(run) - return _c -} - -type mockConstructorTestingTNewAWSCodeCommitClient interface { +// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSCodeCommitClient(t interface { mock.TestingT Cleanup(func()) -} - -// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewAWSCodeCommitClient(t mockConstructorTestingTNewAWSCodeCommitClient) *AWSCodeCommitClient { +}) *AWSCodeCommitClient { mock := &AWSCodeCommitClient{} mock.Mock.Test(t) diff --git a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go index 9acd8979b7818..a029d785cc2fb 100644 --- a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go +++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.26.1. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks @@ -16,14 +16,6 @@ type AWSTaggingClient struct { mock.Mock } -type AWSTaggingClient_Expecter struct { - mock *mock.Mock -} - -func (_m *AWSTaggingClient) EXPECT() *AWSTaggingClient_Expecter { - return &AWSTaggingClient_Expecter{mock: &_m.Mock} -} - // GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2 func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) { _va := make([]interface{}, len(_a2)) @@ -35,6 +27,10 @@ func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *re _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetResourcesWithContext") + } + var r0 *resourcegroupstaggingapi.GetResourcesOutput var r1 error if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok { @@ -57,50 +53,12 @@ func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *re return r0, r1 } -// AWSTaggingClient_GetResourcesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetResourcesWithContext' -type AWSTaggingClient_GetResourcesWithContext_Call struct { - *mock.Call -} - -// GetResourcesWithContext is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 *resourcegroupstaggingapi.GetResourcesInput -// - _a2 ...request.Option -func (_e *AWSTaggingClient_Expecter) GetResourcesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSTaggingClient_GetResourcesWithContext_Call { - return &AWSTaggingClient_GetResourcesWithContext_Call{Call: _e.mock.On("GetResourcesWithContext", - append([]interface{}{_a0, _a1}, _a2...)...)} -} - -func (_c *AWSTaggingClient_GetResourcesWithContext_Call) Run(run func(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option)) *AWSTaggingClient_GetResourcesWithContext_Call { - _c.Call.Run(func(args mock.Arguments) { - variadicArgs := make([]request.Option, len(args)-2) - for i, a := range args[2:] { - if a != nil { - variadicArgs[i] = a.(request.Option) - } - } - run(args[0].(context.Context), args[1].(*resourcegroupstaggingapi.GetResourcesInput), variadicArgs...) - }) - return _c -} - -func (_c *AWSTaggingClient_GetResourcesWithContext_Call) Return(_a0 *resourcegroupstaggingapi.GetResourcesOutput, _a1 error) *AWSTaggingClient_GetResourcesWithContext_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *AWSTaggingClient_GetResourcesWithContext_Call) RunAndReturn(run func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)) *AWSTaggingClient_GetResourcesWithContext_Call { - _c.Call.Return(run) - return _c -} - -type mockConstructorTestingTNewAWSTaggingClient interface { +// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSTaggingClient(t interface { mock.TestingT Cleanup(func()) -} - -// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewAWSTaggingClient(t mockConstructorTestingTNewAWSTaggingClient) *AWSTaggingClient { +}) *AWSTaggingClient { mock := &AWSTaggingClient{} mock.Mock.Test(t) diff --git a/applicationset/services/scm_provider/aws_codecommit_test.go b/applicationset/services/scm_provider/aws_codecommit_test.go index 42ef52a8369e3..00d8240973848 100644 --- a/applicationset/services/scm_provider/aws_codecommit_test.go +++ b/applicationset/services/scm_provider/aws_codecommit_test.go @@ -178,8 +178,8 @@ func TestAWSCodeCommitListRepos(t *testing.T) { if repo.getRepositoryNilMetadata { repoMetadata = nil } - codeCommitClient.EXPECT(). - GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(repo.name)}). + codeCommitClient. + On("GetRepositoryWithContext", ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(repo.name)}). Return(&codecommit.GetRepositoryOutput{RepositoryMetadata: repoMetadata}, repo.getRepositoryError) codecommitRepoNameIdPairs = append(codecommitRepoNameIdPairs, &codecommit.RepositoryNameIdPair{ RepositoryId: aws.String(repo.id), @@ -194,14 +194,14 @@ func TestAWSCodeCommitListRepos(t *testing.T) { } if testCase.expectListAtCodeCommit { - codeCommitClient.EXPECT(). - ListRepositoriesWithContext(ctx, &codecommit.ListRepositoriesInput{}). + codeCommitClient. + On("ListRepositoriesWithContext", ctx, &codecommit.ListRepositoriesInput{}). Return(&codecommit.ListRepositoriesOutput{ Repositories: codecommitRepoNameIdPairs, }, testCase.listRepositoryError) } else { - taggingClient.EXPECT(). - GetResourcesWithContext(ctx, mock.MatchedBy(equalIgnoringTagFilterOrder(&resourcegroupstaggingapi.GetResourcesInput{ + taggingClient. + On("GetResourcesWithContext", ctx, mock.MatchedBy(equalIgnoringTagFilterOrder(&resourcegroupstaggingapi.GetResourcesInput{ TagFilters: testCase.expectTagFilters, ResourceTypeFilters: aws.StringSlice([]string{resourceTypeCodeCommitRepository}), }))). @@ -351,8 +351,8 @@ func TestAWSCodeCommitRepoHasPath(t *testing.T) { taggingClient := mocks.NewAWSTaggingClient(t) ctx := context.Background() if testCase.expectedGetFolderPath != "" { - codeCommitClient.EXPECT(). - GetFolderWithContext(ctx, &codecommit.GetFolderInput{ + codeCommitClient. + On("GetFolderWithContext", ctx, &codecommit.GetFolderInput{ CommitSpecifier: aws.String(branch), FolderPath: aws.String(testCase.expectedGetFolderPath), RepositoryName: aws.String(repoName), @@ -424,14 +424,14 @@ func TestAWSCodeCommitGetBranches(t *testing.T) { taggingClient := mocks.NewAWSTaggingClient(t) ctx := context.Background() if testCase.allBranches { - codeCommitClient.EXPECT(). - ListBranchesWithContext(ctx, &codecommit.ListBranchesInput{ + codeCommitClient. + On("ListBranchesWithContext", ctx, &codecommit.ListBranchesInput{ RepositoryName: aws.String(name), }). Return(&codecommit.ListBranchesOutput{Branches: aws.StringSlice(testCase.branches)}, testCase.apiError) } else { - codeCommitClient.EXPECT(). - GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(name)}). + codeCommitClient. + On("GetRepositoryWithContext", ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(name)}). Return(&codecommit.GetRepositoryOutput{RepositoryMetadata: &codecommit.RepositoryMetadata{ AccountId: aws.String(organization), DefaultBranch: aws.String(defaultBranch), diff --git a/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go b/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go index 902859672cd0e..c3cf024d882fe 100644 --- a/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go +++ b/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.40.2. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/applicationset/services/scm_provider/azure_devops_test.go b/applicationset/services/scm_provider/azure_devops_test.go index 3379653401888..d718802ad3295 100644 --- a/applicationset/services/scm_provider/azure_devops_test.go +++ b/applicationset/services/scm_provider/azure_devops_test.go @@ -17,8 +17,6 @@ import ( azureMock "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/azure_devops/git/mocks" ) -//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --srcpkg=github.com/microsoft/azure-devops-go-api/azuredevops/git --name=Client --output=azure_devops/git/mocks --outpkg=mocks - func s(input string) *string { return ptr.To(input) } diff --git a/applicationset/services/scm_provider/bitbucket_cloud.go b/applicationset/services/scm_provider/bitbucket_cloud.go index da8f3fea54c54..4468aee687f7d 100644 --- a/applicationset/services/scm_provider/bitbucket_cloud.go +++ b/applicationset/services/scm_provider/bitbucket_cloud.go @@ -46,7 +46,7 @@ func (c *ExtendedClient) GetContents(repo *Repository, path string) (bool, error return true, nil } - return false, fmt.Errorf(resp.Status) + return false, fmt.Errorf("%s", resp.Status) } var _ SCMProviderService = &BitBucketCloudProvider{} diff --git a/applicationset/services/scm_provider/bitbucket_server.go b/applicationset/services/scm_provider/bitbucket_server.go index d1b66c89a66c3..4f723a547059f 100644 --- a/applicationset/services/scm_provider/bitbucket_server.go +++ b/applicationset/services/scm_provider/bitbucket_server.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "io" + "net/http" bitbucketv1 "github.com/gfleury/go-bitbucket-v1" log "github.com/sirupsen/logrus" @@ -20,7 +21,7 @@ type BitbucketServerProvider struct { var _ SCMProviderService = &BitbucketServerProvider{} -func NewBitbucketServerProviderBasicAuth(ctx context.Context, username, password, url, projectKey string, allBranches bool) (*BitbucketServerProvider, error) { +func NewBitbucketServerProviderBasicAuth(ctx context.Context, username, password, url, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) { bitbucketConfig := bitbucketv1.NewConfiguration(url) // Avoid the XSRF check bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check") @@ -30,15 +31,29 @@ func NewBitbucketServerProviderBasicAuth(ctx context.Context, username, password UserName: username, Password: password, }) - return newBitbucketServerProvider(ctx, bitbucketConfig, projectKey, allBranches) + return newBitbucketServerProvider(ctx, bitbucketConfig, projectKey, allBranches, scmRootCAPath, insecure, caCerts) } -func NewBitbucketServerProviderNoAuth(ctx context.Context, url, projectKey string, allBranches bool) (*BitbucketServerProvider, error) { - return newBitbucketServerProvider(ctx, bitbucketv1.NewConfiguration(url), projectKey, allBranches) +func NewBitbucketServerProviderBearerToken(ctx context.Context, bearerToken, url, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) { + bitbucketConfig := bitbucketv1.NewConfiguration(url) + // Avoid the XSRF check + bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check") + bitbucketConfig.AddDefaultHeader("x-requested-with", "XMLHttpRequest") + + ctx = context.WithValue(ctx, bitbucketv1.ContextAccessToken, bearerToken) + return newBitbucketServerProvider(ctx, bitbucketConfig, projectKey, allBranches, scmRootCAPath, insecure, caCerts) +} + +func NewBitbucketServerProviderNoAuth(ctx context.Context, url, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) { + return newBitbucketServerProvider(ctx, bitbucketv1.NewConfiguration(url), projectKey, allBranches, scmRootCAPath, insecure, caCerts) } -func newBitbucketServerProvider(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey string, allBranches bool) (*BitbucketServerProvider, error) { +func newBitbucketServerProvider(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) { bitbucketConfig.BasePath = utils.NormalizeBitbucketBasePath(bitbucketConfig.BasePath) + tlsConfig := utils.GetTlsConfig(scmRootCAPath, insecure, caCerts) + bitbucketConfig.HTTPClient = &http.Client{Transport: &http.Transport{ + TLSClientConfig: tlsConfig, + }} bitbucketClient := bitbucketv1.NewAPIClient(ctx, bitbucketConfig) return &BitbucketServerProvider{ diff --git a/applicationset/services/scm_provider/bitbucket_server_test.go b/applicationset/services/scm_provider/bitbucket_server_test.go index a8fc7afac5580..1d399f8751cbc 100644 --- a/applicationset/services/scm_provider/bitbucket_server_test.go +++ b/applicationset/services/scm_provider/bitbucket_server_test.go @@ -2,6 +2,8 @@ package scm_provider import ( "context" + "crypto/x509" + "encoding/pem" "io" "net/http" "net/http/httptest" @@ -99,7 +101,7 @@ func TestListReposNoAuth(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil) require.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") verifyDefaultRepo(t, err, repos) @@ -191,7 +193,7 @@ func TestListReposPagination(t *testing.T) { } })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil) require.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") require.NoError(t, err) @@ -268,7 +270,7 @@ func TestGetBranchesBranchPagination(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil) require.NoError(t, err) repos, err := provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", @@ -321,7 +323,7 @@ func TestGetBranchesDefaultOnly(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil) require.NoError(t, err) repos, err := provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", @@ -353,7 +355,7 @@ func TestGetBranchesMissingDefault(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil) require.NoError(t, err) repos, err := provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", @@ -375,7 +377,7 @@ func TestGetBranchesEmptyRepo(t *testing.T) { } })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil) require.NoError(t, err) repos, err := provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", @@ -398,7 +400,7 @@ func TestGetBranchesErrorDefaultBranch(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil) require.NoError(t, err) _, err = provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", @@ -410,6 +412,73 @@ func TestGetBranchesErrorDefaultBranch(t *testing.T) { require.Error(t, err) } +func TestListReposTLS(t *testing.T) { + tests := []struct { + name string + tlsInsecure bool + passCerts bool + requireErr bool + }{ + { + name: "TLS Insecure: true, No Certs", + tlsInsecure: true, + passCerts: false, + requireErr: false, + }, + { + name: "TLS Insecure: true, With Certs", + tlsInsecure: true, + passCerts: true, + requireErr: false, + }, + { + name: "TLS Insecure: false, With Certs", + tlsInsecure: false, + passCerts: true, + requireErr: false, + }, + { + name: "TLS Insecure: false, No Certs", + tlsInsecure: false, + passCerts: false, + requireErr: true, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + defaultHandler(t)(w, r) + })) + defer ts.Close() + + var certs []byte + if test.passCerts == true { + for _, cert := range ts.TLS.Certificates { + for _, c := range cert.Certificate { + parsedCert, err := x509.ParseCertificate(c) + require.NoError(t, err, "Failed to parse certificate") + certs = append(certs, pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: parsedCert.Raw, + })...) + } + } + } + + provider, err := NewBitbucketServerProviderBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", true, "", test.tlsInsecure, certs) + require.NoError(t, err) + _, err = provider.ListRepos(context.Background(), "ssh") + if test.requireErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + }) + } +} + func TestListReposBasicAuth(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { assert.Equal(t, "Basic dXNlcjpwYXNzd29yZA==", r.Header.Get("Authorization")) @@ -417,7 +486,20 @@ func TestListReposBasicAuth(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", true) + provider, err := NewBitbucketServerProviderBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", true, "", false, nil) + require.NoError(t, err) + repos, err := provider.ListRepos(context.Background(), "ssh") + verifyDefaultRepo(t, err, repos) +} + +func TestListReposBearerAuth(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "Bearer tolkien", r.Header.Get("Authorization")) + assert.Equal(t, "no-check", r.Header.Get("X-Atlassian-Token")) + defaultHandler(t)(w, r) + })) + defer ts.Close() + provider, err := NewBitbucketServerProviderBearerToken(context.Background(), "tolkien", ts.URL, "PROJECT", true, "", false, nil) require.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") verifyDefaultRepo(t, err, repos) @@ -444,7 +526,7 @@ func TestListReposDefaultBranch(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil) require.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") require.NoError(t, err) @@ -470,7 +552,7 @@ func TestListReposMissingDefaultBranch(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil) require.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") require.NoError(t, err) @@ -487,7 +569,7 @@ func TestListReposErrorDefaultBranch(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil) require.NoError(t, err) _, err = provider.ListRepos(context.Background(), "ssh") require.Error(t, err) @@ -499,7 +581,7 @@ func TestListReposCloneProtocol(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil) require.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "https") require.NoError(t, err) @@ -521,7 +603,7 @@ func TestListReposUnknownProtocol(t *testing.T) { defaultHandler(t)(w, r) })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil) require.NoError(t, err) _, errProtocol := provider.ListRepos(context.Background(), "http") require.Error(t, errProtocol) @@ -559,7 +641,7 @@ func TestBitbucketServerHasPath(t *testing.T) { } })) defer ts.Close() - provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) + provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil) require.NoError(t, err) repo := &Repository{ Organization: "PROJECT", diff --git a/applicationset/services/scm_provider/github.go b/applicationset/services/scm_provider/github.go index 1a6edae5837e9..9d7457c47b990 100644 --- a/applicationset/services/scm_provider/github.go +++ b/applicationset/services/scm_provider/github.go @@ -2,12 +2,11 @@ package scm_provider import ( "context" - "errors" "fmt" "net/http" "os" - "github.com/google/go-github/v35/github" + "github.com/google/go-github/v63/github" "golang.org/x/oauth2" ) @@ -36,7 +35,7 @@ func NewGithubProvider(ctx context.Context, organization string, token string, u client = github.NewClient(httpClient) } else { var err error - client, err = github.NewEnterpriseClient(url, url, httpClient) + client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url) if err != nil { return nil, err } @@ -120,14 +119,11 @@ func (g *GithubProvider) RepoHasPath(ctx context.Context, repo *Repository, path func (g *GithubProvider) listBranches(ctx context.Context, repo *Repository) ([]github.Branch, error) { // If we don't specifically want to query for all branches, just use the default branch and call it a day. if !g.allBranches { - defaultBranch, _, err := g.client.Repositories.GetBranch(ctx, repo.Organization, repo.Repository, repo.Branch) + defaultBranch, resp, err := g.client.Repositories.GetBranch(ctx, repo.Organization, repo.Repository, repo.Branch, 0) if err != nil { - var githubErrorResponse *github.ErrorResponse - if errors.As(err, &githubErrorResponse) { - if githubErrorResponse.Response.StatusCode == http.StatusNotFound { - // Default branch doesn't exist, so the repo is empty. - return []github.Branch{}, nil - } + if resp.StatusCode == http.StatusNotFound { + // Default branch doesn't exist, so the repo is empty. + return []github.Branch{}, nil } return nil, err } diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index 974be7bc21e16..0acc1898bf382 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -24,7 +24,7 @@ type GitlabProvider struct { var _ SCMProviderService = &GitlabProvider{} -func NewGitlabProvider(ctx context.Context, organization string, token string, url string, allBranches, includeSubgroups, includeSharedProjects, insecure bool, scmRootCAPath, topic string) (*GitlabProvider, error) { +func NewGitlabProvider(ctx context.Context, organization string, token string, url string, allBranches, includeSubgroups, includeSharedProjects, insecure bool, scmRootCAPath, topic string, caCerts []byte) (*GitlabProvider, error) { // Undocumented environment variable to set a default token, to be used in testing to dodge anonymous rate limits. if token == "" { token = os.Getenv("GITLAB_TOKEN") @@ -32,7 +32,7 @@ func NewGitlabProvider(ctx context.Context, organization string, token string, u var client *gitlab.Client tr := http.DefaultTransport.(*http.Transport).Clone() - tr.TLSClientConfig = utils.GetTlsConfig(scmRootCAPath, insecure) + tr.TLSClientConfig = utils.GetTlsConfig(scmRootCAPath, insecure, caCerts) retryClient := retryablehttp.NewClient() retryClient.HTTPClient.Transport = tr diff --git a/applicationset/services/scm_provider/gitlab_test.go b/applicationset/services/scm_provider/gitlab_test.go index c897e9b3183de..12f2b8b377a2a 100644 --- a/applicationset/services/scm_provider/gitlab_test.go +++ b/applicationset/services/scm_provider/gitlab_test.go @@ -2,6 +2,8 @@ package scm_provider import ( "context" + "crypto/x509" + "encoding/pem" "fmt" "io" "net/http" @@ -1121,7 +1123,7 @@ func TestGitlabListRepos(t *testing.T) { })) for _, c := range cases { t.Run(c.name, func(t *testing.T) { - provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.includeSharedProjects, c.insecure, "", c.topic) + provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.includeSharedProjects, c.insecure, "", c.topic, nil) rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto) if c.hasError { require.Error(t, err) @@ -1160,7 +1162,7 @@ func TestGitlabHasPath(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gitlabMockHandler(t)(w, r) })) - host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "", "") + host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "", "", nil) repo := &Repository{ Organization: "test-argocd-proton", Repository: "argocd", @@ -1206,7 +1208,7 @@ func TestGitlabGetBranches(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gitlabMockHandler(t)(w, r) })) - host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "", "") + host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "", "", nil) repo := &Repository{ RepositoryId: 27084533, @@ -1227,3 +1229,74 @@ func TestGitlabGetBranches(t *testing.T) { require.NoError(t, err) }) } + +func TestGetBranchesTLS(t *testing.T) { + tests := []struct { + name string + tlsInsecure bool + passCerts bool + requireErr bool + }{ + { + name: "TLS Insecure: true, No Certs", + tlsInsecure: true, + passCerts: false, + requireErr: false, + }, + { + name: "TLS Insecure: true, With Certs", + tlsInsecure: true, + passCerts: true, + requireErr: false, + }, + { + name: "TLS Insecure: false, With Certs", + tlsInsecure: false, + passCerts: true, + requireErr: false, + }, + { + name: "TLS Insecure: false, No Certs", + tlsInsecure: false, + passCerts: false, + requireErr: true, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + gitlabMockHandler(t)(w, r) + })) + defer ts.Close() + + var certs []byte + if test.passCerts == true { + for _, cert := range ts.TLS.Certificates { + for _, c := range cert.Certificate { + parsedCert, err := x509.ParseCertificate(c) + require.NoError(t, err, "Failed to parse certificate") + certs = append(certs, pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: parsedCert.Raw, + })...) + } + } + } + + host, err := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, test.tlsInsecure, "", "", certs) + require.NoError(t, err) + repo := &Repository{ + RepositoryId: 27084533, + Branch: "master", + } + _, err = host.GetBranches(context.Background(), repo) + if test.requireErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + }) + } +} diff --git a/applicationset/status/resource_status.go b/applicationset/status/resource_status.go new file mode 100644 index 0000000000000..4e9db5ff560e9 --- /dev/null +++ b/applicationset/status/resource_status.go @@ -0,0 +1,57 @@ +package status + +import ( + argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +func BuildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus { + appMap := map[string]argov1alpha1.Application{} + for _, app := range apps { + appCopy := app + appMap[app.Name] = app + + gvk := app.GroupVersionKind() + // Create status if it does not exist + status, ok := statusMap[app.Name] + if !ok { + status = argov1alpha1.ResourceStatus{ + Group: gvk.Group, + Version: gvk.Version, + Kind: gvk.Kind, + Name: app.Name, + Namespace: app.Namespace, + Status: app.Status.Sync.Status, + Health: &appCopy.Status.Health, + } + } + + status.Group = gvk.Group + status.Version = gvk.Version + status.Kind = gvk.Kind + status.Name = app.Name + status.Namespace = app.Namespace + status.Status = app.Status.Sync.Status + status.Health = &appCopy.Status.Health + + statusMap[app.Name] = status + } + cleanupDeletedApplicationStatuses(statusMap, appMap) + + return statusMap +} + +func GetResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus { + statusMap := map[string]argov1alpha1.ResourceStatus{} + for _, status := range appset.Status.Resources { + statusMap[status.Name] = status + } + return statusMap +} + +func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) { + for name := range statusMap { + if _, ok := apps[name]; !ok { + delete(statusMap, name) + } + } +} diff --git a/applicationset/utils/applicationset_lister.go b/applicationset/utils/applicationset_lister.go new file mode 100644 index 0000000000000..5e9d65936333a --- /dev/null +++ b/applicationset/utils/applicationset_lister.go @@ -0,0 +1,63 @@ +package utils + +import ( + "context" + + "k8s.io/apimachinery/pkg/labels" + ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" + + . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + . "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" +) + +// Implements AppsetLister interface with controller-runtime client +type AppsetLister struct { + Client ctrlclient.Client +} + +func NewAppsetLister(client ctrlclient.Client) ApplicationSetLister { + return &AppsetLister{Client: client} +} + +func (l *AppsetLister) List(selector labels.Selector) (ret []*ApplicationSet, err error) { + return clientListAppsets(l.Client, ctrlclient.ListOptions{}) +} + +// ApplicationSets returns an object that can list and get ApplicationSets. +func (l *AppsetLister) ApplicationSets(namespace string) ApplicationSetNamespaceLister { + return &appsetNamespaceLister{ + Client: l.Client, + Namespace: namespace, + } +} + +// Implements ApplicationSetNamespaceLister +type appsetNamespaceLister struct { + Client ctrlclient.Client + Namespace string +} + +func (n *appsetNamespaceLister) List(selector labels.Selector) (ret []*ApplicationSet, err error) { + return clientListAppsets(n.Client, ctrlclient.ListOptions{Namespace: n.Namespace}) +} + +func (n *appsetNamespaceLister) Get(name string) (*ApplicationSet, error) { + appset := ApplicationSet{} + err := n.Client.Get(context.TODO(), ctrlclient.ObjectKeyFromObject(&appset), &appset) + return &appset, err +} + +func clientListAppsets(client ctrlclient.Client, listOptions ctrlclient.ListOptions) (ret []*ApplicationSet, err error) { + var appsetlist ApplicationSetList + var results []*ApplicationSet + + err = client.List(context.TODO(), &appsetlist, &listOptions) + + if err == nil { + for _, appset := range appsetlist.Items { + results = append(results, appset.DeepCopy()) + } + } + + return results, err +} diff --git a/applicationset/utils/clusterUtils.go b/applicationset/utils/clusterUtils.go index a56be51fdb7a2..2645ff432cbb9 100644 --- a/applicationset/utils/clusterUtils.go +++ b/applicationset/utils/clusterUtils.go @@ -51,9 +51,12 @@ const ( // if we used destination name we infer the server url // if we used both name and server then we return an invalid spec error func ValidateDestination(ctx context.Context, dest *appv1.ApplicationDestination, clientset kubernetes.Interface, argoCDNamespace string) error { + if dest.IsServerInferred() && dest.IsNameInferred() { + return fmt.Errorf("application destination can't have both name and server inferred: %s %s", dest.Name, dest.Server) + } if dest.Name != "" { if dest.Server == "" { - server, err := getDestinationServer(ctx, dest.Name, clientset, argoCDNamespace) + server, err := getDestinationBy(ctx, dest.Name, clientset, argoCDNamespace, true) if err != nil { return fmt.Errorf("unable to find destination server: %w", err) } @@ -61,14 +64,25 @@ func ValidateDestination(ctx context.Context, dest *appv1.ApplicationDestination return fmt.Errorf("application references destination cluster %s which does not exist", dest.Name) } dest.SetInferredServer(server) - } else if !dest.IsServerInferred() { + } else if !dest.IsServerInferred() && !dest.IsNameInferred() { return fmt.Errorf("application destination can't have both name and server defined: %s %s", dest.Name, dest.Server) } + } else if dest.Server != "" { + if dest.Name == "" { + serverName, err := getDestinationBy(ctx, dest.Server, clientset, argoCDNamespace, false) + if err != nil { + return fmt.Errorf("unable to find destination server: %w", err) + } + if serverName == "" { + return fmt.Errorf("application references destination cluster %s which does not exist", dest.Server) + } + dest.SetInferredName(serverName) + } } return nil } -func getDestinationServer(ctx context.Context, clusterName string, clientset kubernetes.Interface, argoCDNamespace string) (string, error) { +func getDestinationBy(ctx context.Context, cluster string, clientset kubernetes.Interface, argoCDNamespace string, byName bool) (string, error) { // settingsMgr := settings.NewSettingsManager(context.TODO(), clientset, namespace) // argoDB := db.NewDB(namespace, settingsMgr, clientset) // clusterList, err := argoDB.ListClusters(ctx) @@ -78,14 +92,17 @@ func getDestinationServer(ctx context.Context, clusterName string, clientset kub } var servers []string for _, c := range clusterList.Items { - if c.Name == clusterName { + if byName && c.Name == cluster { servers = append(servers, c.Server) } + if !byName && c.Server == cluster { + servers = append(servers, c.Name) + } } if len(servers) > 1 { return "", fmt.Errorf("there are %d clusters with the same name: %v", len(servers), servers) } else if len(servers) == 0 { - return "", fmt.Errorf("there are no clusters with this name: %s", clusterName) + return "", fmt.Errorf("there are no clusters with this name: %s", cluster) } return servers[0], nil } @@ -132,9 +149,12 @@ func getLocalCluster(clientset kubernetes.Interface) *appv1.Cluster { initLocalCluster.Do(func() { info, err := clientset.Discovery().ServerVersion() if err == nil { + // nolint:staticcheck localCluster.ServerVersion = fmt.Sprintf("%s.%s", info.Major, info.Minor) + // nolint:staticcheck localCluster.ConnectionState = appv1.ConnectionState{Status: appv1.ConnectionStatusSuccessful} } else { + // nolint:staticcheck localCluster.ConnectionState = appv1.ConnectionState{ Status: appv1.ConnectionStatusFailed, Message: err.Error(), @@ -143,6 +163,7 @@ func getLocalCluster(clientset kubernetes.Interface) *appv1.Cluster { }) cluster := localCluster.DeepCopy() now := metav1.Now() + // nolint:staticcheck cluster.ConnectionState.ModifiedAt = &now return cluster } diff --git a/applicationset/utils/clusterUtils_test.go b/applicationset/utils/clusterUtils_test.go index 9e8694359b6bd..9cce629fa1291 100644 --- a/applicationset/utils/clusterUtils_test.go +++ b/applicationset/utils/clusterUtils_test.go @@ -92,7 +92,12 @@ func TestValidateDestination(t *testing.T) { Namespace: "default", } - appCond := ValidateDestination(context.Background(), &dest, nil, fakeNamespace) + secret := createClusterSecret("my-secret", "minikube", "https://127.0.0.1:6443") + objects := []runtime.Object{} + objects = append(objects, secret) + kubeclientset := fake.NewSimpleClientset(objects...) + + appCond := ValidateDestination(context.Background(), &dest, kubeclientset, fakeNamespace) require.NoError(t, appCond) assert.False(t, dest.IsServerInferred()) }) diff --git a/applicationset/utils/kubernetes.go b/applicationset/utils/kubernetes.go new file mode 100644 index 0000000000000..f9e90bf1d9f81 --- /dev/null +++ b/applicationset/utils/kubernetes.go @@ -0,0 +1,54 @@ +package utils + +import ( + "context" + "fmt" + + corev1 "k8s.io/api/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +// getSecretRef gets the value of the key for the specified Secret resource. +func GetSecretRef(ctx context.Context, k8sClient client.Client, ref *argoprojiov1alpha1.SecretRef, namespace string) (string, error) { + if ref == nil { + return "", nil + } + + secret := &corev1.Secret{} + err := k8sClient.Get( + ctx, + client.ObjectKey{ + Name: ref.SecretName, + Namespace: namespace, + }, + secret) + if err != nil { + return "", fmt.Errorf("error fetching secret %s/%s: %w", namespace, ref.SecretName, err) + } + tokenBytes, ok := secret.Data[ref.Key] + if !ok { + return "", fmt.Errorf("key %q in secret %s/%s not found", ref.Key, namespace, ref.SecretName) + } + return string(tokenBytes), nil +} + +func GetConfigMapData(ctx context.Context, k8sClient client.Client, ref *argoprojiov1alpha1.ConfigMapKeyRef, namespace string) ([]byte, error) { + if ref == nil { + return nil, nil + } + + configMap := &corev1.ConfigMap{} + err := k8sClient.Get(ctx, client.ObjectKey{Name: ref.ConfigMapName, Namespace: namespace}, configMap) + if err != nil { + return nil, err + } + + data, ok := configMap.Data[ref.Key] + if !ok { + return nil, fmt.Errorf("key %s not found in ConfigMap %s", ref.Key, configMap.Name) + } + + return []byte(data), nil +} diff --git a/applicationset/utils/kubernetes_test.go b/applicationset/utils/kubernetes_test.go new file mode 100644 index 0000000000000..bddda0c473073 --- /dev/null +++ b/applicationset/utils/kubernetes_test.go @@ -0,0 +1,146 @@ +package utils + +import ( + "context" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +func TestGetSecretRef(t *testing.T) { + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{Name: "test-secret", Namespace: "test"}, + Data: map[string][]byte{ + "my-token": []byte("secret"), + }, + } + client := fake.NewClientBuilder().WithObjects(secret).Build() + ctx := context.Background() + + cases := []struct { + name, namespace, token string + ref *argoprojiov1alpha1.SecretRef + hasError bool + }{ + { + name: "valid ref", + ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"}, + namespace: "test", + token: "secret", + hasError: false, + }, + { + name: "nil ref", + ref: nil, + namespace: "test", + token: "", + hasError: false, + }, + { + name: "wrong name", + ref: &argoprojiov1alpha1.SecretRef{SecretName: "other", Key: "my-token"}, + namespace: "test", + token: "", + hasError: true, + }, + { + name: "wrong key", + ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "other-token"}, + namespace: "test", + token: "", + hasError: true, + }, + { + name: "wrong namespace", + ref: &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"}, + namespace: "other", + token: "", + hasError: true, + }, + } + + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + token, err := GetSecretRef(ctx, client, c.ref, c.namespace) + if c.hasError { + require.Error(t, err) + } else { + require.NoError(t, err) + } + assert.Equal(t, c.token, token) + }) + } +} + +func TestGetConfigMapData(t *testing.T) { + configMap := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{Name: "test-configmap", Namespace: "test"}, + Data: map[string]string{ + "my-data": "configmap-data", + }, + } + client := fake.NewClientBuilder().WithObjects(configMap).Build() + ctx := context.Background() + + cases := []struct { + name, namespace, data string + ref *argoprojiov1alpha1.ConfigMapKeyRef + hasError bool + }{ + { + name: "valid ref", + ref: &argoprojiov1alpha1.ConfigMapKeyRef{ConfigMapName: "test-configmap", Key: "my-data"}, + namespace: "test", + data: "configmap-data", + hasError: false, + }, + { + name: "nil ref", + ref: nil, + namespace: "test", + data: "", + hasError: false, + }, + { + name: "wrong name", + ref: &argoprojiov1alpha1.ConfigMapKeyRef{ConfigMapName: "other", Key: "my-data"}, + namespace: "test", + data: "", + hasError: true, + }, + { + name: "wrong key", + ref: &argoprojiov1alpha1.ConfigMapKeyRef{ConfigMapName: "test-configmap", Key: "other-data"}, + namespace: "test", + data: "", + hasError: true, + }, + { + name: "wrong namespace", + ref: &argoprojiov1alpha1.ConfigMapKeyRef{ConfigMapName: "test-configmap", Key: "my-data"}, + namespace: "other", + data: "", + hasError: true, + }, + } + + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + data, err := GetConfigMapData(ctx, client, c.ref, c.namespace) + if c.hasError { + require.Error(t, err) + } else { + require.NoError(t, err) + } + if !c.hasError { + assert.Equal(t, c.data, string(data)) + } + }) + } +} diff --git a/applicationset/utils/mocks/Renderer.go b/applicationset/utils/mocks/Renderer.go new file mode 100644 index 0000000000000..3b108f74e7864 --- /dev/null +++ b/applicationset/utils/mocks/Renderer.go @@ -0,0 +1,86 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import ( + mock "github.com/stretchr/testify/mock" + + v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +// Renderer is an autogenerated mock type for the Renderer type +type Renderer struct { + mock.Mock +} + +// RenderTemplateParams provides a mock function with given fields: tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions +func (_m *Renderer) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*v1alpha1.Application, error) { + ret := _m.Called(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions) + + if len(ret) == 0 { + panic("no return value specified for RenderTemplateParams") + } + + var r0 *v1alpha1.Application + var r1 error + if rf, ok := ret.Get(0).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) (*v1alpha1.Application, error)); ok { + return rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions) + } + if rf, ok := ret.Get(0).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) *v1alpha1.Application); ok { + r0 = rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.Application) + } + } + + if rf, ok := ret.Get(1).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) error); ok { + r1 = rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// Replace provides a mock function with given fields: tmpl, replaceMap, useGoTemplate, goTemplateOptions +func (_m *Renderer) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { + ret := _m.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions) + + if len(ret) == 0 { + panic("no return value specified for Replace") + } + + var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string, map[string]interface{}, bool, []string) (string, error)); ok { + return rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions) + } + if rf, ok := ret.Get(0).(func(string, map[string]interface{}, bool, []string) string); ok { + r0 = rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions) + } else { + r0 = ret.Get(0).(string) + } + + if rf, ok := ret.Get(1).(func(string, map[string]interface{}, bool, []string) error); ok { + r1 = rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewRenderer creates a new instance of Renderer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewRenderer(t interface { + mock.TestingT + Cleanup(func()) +}) *Renderer { + mock := &Renderer{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go index dfcc11cbdd35a..4122dee28a657 100644 --- a/applicationset/utils/utils.go +++ b/applicationset/utils/utils.go @@ -23,6 +23,7 @@ import ( log "github.com/sirupsen/logrus" argoappsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/glob" ) var sprigFuncMap = sprig.GenericFuncMap() // a singleton for better performance @@ -46,6 +47,10 @@ type Renderer interface { type Render struct{} +func IsNamespaceAllowed(namespaces []string, namespace string) bool { + return glob.MatchStringInList(namespaces, namespace, glob.REGEXP) +} + func copyValueIntoUnexported(destination, value reflect.Value) { reflect.NewAt(destination.Type(), unsafe.Pointer(destination.UnsafeAddr())). Elem(). @@ -268,7 +273,7 @@ func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy * // b) there IS a syncPolicy, but preserveResourcesOnDeletion is set to false // See TestRenderTemplateParamsFinalizers in util_test.go for test-based definition of behaviour if (syncPolicy == nil || !syncPolicy.PreserveResourcesOnDeletion) && - (replacedTmpl.ObjectMeta.Finalizers == nil || len(replacedTmpl.ObjectMeta.Finalizers) == 0) { + len(replacedTmpl.ObjectMeta.Finalizers) == 0 { replacedTmpl.ObjectMeta.Finalizers = []string{"resources-finalizer.argocd.argoproj.io"} } @@ -483,7 +488,7 @@ func SlugifyName(args ...interface{}) string { return urlSlug } -func getTlsConfigWithCACert(scmRootCAPath string) *tls.Config { +func getTlsConfigWithCACert(scmRootCAPath string, caCerts []byte) *tls.Config { tlsConfig := &tls.Config{} if scmRootCAPath != "" { @@ -497,8 +502,12 @@ func getTlsConfigWithCACert(scmRootCAPath string) *tls.Config { log.Errorf("error reading certificate from file '%s', proceeding without custom rootCA : %s", scmRootCAPath, err) return tlsConfig } + caCerts = append(caCerts, rootCA...) + } + + if len(caCerts) > 0 { certPool := x509.NewCertPool() - ok := certPool.AppendCertsFromPEM([]byte(rootCA)) + ok := certPool.AppendCertsFromPEM(caCerts) if !ok { log.Errorf("failed to append certificates from PEM: proceeding without custom rootCA") } else { @@ -508,8 +517,8 @@ func getTlsConfigWithCACert(scmRootCAPath string) *tls.Config { return tlsConfig } -func GetTlsConfig(scmRootCAPath string, insecure bool) *tls.Config { - tlsConfig := getTlsConfigWithCACert(scmRootCAPath) +func GetTlsConfig(scmRootCAPath string, insecure bool, caCerts []byte) *tls.Config { + tlsConfig := getTlsConfigWithCACert(scmRootCAPath, caCerts) if insecure { tlsConfig.InsecureSkipVerify = true diff --git a/applicationset/utils/utils_test.go b/applicationset/utils/utils_test.go index 5b9ed9295780b..8d19a2cffa260 100644 --- a/applicationset/utils/utils_test.go +++ b/applicationset/utils/utils_test.go @@ -1260,11 +1260,8 @@ func TestSlugify(t *testing.T) { } func TestGetTLSConfig(t *testing.T) { - // certParsed, err := tls.X509KeyPair(test.Cert, test.PrivateKey) - // require.NoError(t, err) - temppath := t.TempDir() - cert := ` + certFromFile := ` -----BEGIN CERTIFICATE----- MIIFvTCCA6WgAwIBAgIUGrTmW3qc39zqnE08e3qNDhUkeWswDQYJKoZIhvcNAQEL BQAwbjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAklMMRAwDgYDVQQHDAdDaGljYWdv @@ -1298,50 +1295,96 @@ NoB2rjufaB0GQi1azdboMvdGSOxhSCAR8otWT5yDrywCqVnEvjw0oxKmuRduNe2/ r2AaraPFgrprnxUibP4L7jxdr+iiw5bWN9/B81PodrS7n5TNtnfnpZD6X6rThqOP xO7Tr5lAo74vNUkF2EHNaI28/RGnJPm2TIxZqy4rNH6L -----END CERTIFICATE----- +` + + certFromCM := ` +-----BEGIN CERTIFICATE----- +MIIDOTCCAiGgAwIBAgIQSRJrEpBGFc7tNb1fb5pKFzANBgkqhkiG9w0BAQsFADAS +MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw +MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA6Gba5tHV1dAKouAaXO3/ebDUU4rvwCUg/CNaJ2PT5xLD4N1Vcb8r +bFSW2HXKq+MPfVdwIKR/1DczEoAGf/JWQTW7EgzlXrCd3rlajEX2D73faWJekD0U +aUgz5vtrTXZ90BQL7WvRICd7FlEZ6FPOcPlumiyNmzUqtwGhO+9ad1W5BqJaRI6P +YfouNkwR6Na4TzSj5BrqUfP0FwDizKSJ0XXmh8g8G9mtwxOSN3Ru1QFc61Xyeluk +POGKBV/q6RBNklTNe0gI8usUMlYyoC7ytppNMW7X2vodAelSu25jgx2anj9fDVZu +h7AXF5+4nJS4AAt0n1lNY7nGSsdZas8PbQIDAQABo4GIMIGFMA4GA1UdDwEB/wQE +AwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBStsdjh3/JCXXYlQryOrL4Sh7BW5TAuBgNVHREEJzAlggtleGFtcGxlLmNv +bYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAxWGI +5NhpF3nwwy/4yB4i/CwwSpLrWUa70NyhvprUBC50PxiXav1TeDzwzLx/o5HyNwsv +cxv3HdkLW59i/0SlJSrNnWdfZ19oTcS+6PtLoVyISgtyN6DpkKpdG1cOkW3Cy2P2 ++tK/tKHRP1Y/Ra0RiDpOAmqn0gCOFGz8+lqDIor/T7MTpibL3IxqWfPrvfVRHL3B +grw/ZQTTIVjjh4JBSW3WyWgNo/ikC1lrVxzl4iPUGptxT36Cr7Zk2Bsg0XqwbOvK +5d+NTDREkSnUbie4GeutujmX3Dsx88UiV6UY/4lHJa6I5leHUNOHahRbpbWeOfs/ +WkBKOclmOV2xlTVuPw== +-----END CERTIFICATE----- ` rootCAPath := path.Join(temppath, "foo.example.com") - err := os.WriteFile(rootCAPath, []byte(cert), 0o666) + err := os.WriteFile(rootCAPath, []byte(certFromFile), 0o666) if err != nil { panic(err) } - certPool := x509.NewCertPool() - ok := certPool.AppendCertsFromPEM([]byte(cert)) - assert.True(t, ok) - testCases := []struct { name string scmRootCAPath string insecure bool + caCerts []byte validateCertInTlsConfig bool }{ { name: "Insecure mode configured, SCM Root CA Path not set", scmRootCAPath: "", insecure: true, + caCerts: nil, validateCertInTlsConfig: false, }, { name: "SCM Root CA Path set, Insecure mode set to false", scmRootCAPath: rootCAPath, insecure: false, + caCerts: nil, validateCertInTlsConfig: true, }, { name: "SCM Root CA Path set, Insecure mode set to true", scmRootCAPath: rootCAPath, insecure: true, + caCerts: nil, + validateCertInTlsConfig: true, + }, + { + name: "Cert passed, Insecure mode set to false", + scmRootCAPath: "", + insecure: false, + caCerts: []byte(certFromCM), + validateCertInTlsConfig: true, + }, + { + name: "SCM Root CA Path set, cert passed, Insecure mode set to false", + scmRootCAPath: rootCAPath, + insecure: false, + caCerts: []byte(certFromCM), validateCertInTlsConfig: true, }, } for _, testCase := range testCases { t.Run(testCase.name, func(t *testing.T) { - tlsConfig := GetTlsConfig(testCase.scmRootCAPath, testCase.insecure) + certPool := x509.NewCertPool() + tlsConfig := GetTlsConfig(testCase.scmRootCAPath, testCase.insecure, testCase.caCerts) assert.Equal(t, testCase.insecure, tlsConfig.InsecureSkipVerify) + if testCase.caCerts != nil { + ok := certPool.AppendCertsFromPEM([]byte(certFromCM)) + assert.True(t, ok) + } + if testCase.scmRootCAPath != "" { + ok := certPool.AppendCertsFromPEM([]byte(certFromFile)) + assert.True(t, ok) + } + assert.NotNil(t, tlsConfig) if testCase.validateCertInTlsConfig { - assert.NotNil(t, tlsConfig) assert.True(t, tlsConfig.RootCAs.Equal(certPool)) } }) diff --git a/applicationset/webhook/testdata/github-commit-event-feature-branch.json b/applicationset/webhook/testdata/github-commit-event-feature-branch.json new file mode 100644 index 0000000000000..2cbe577da34de --- /dev/null +++ b/applicationset/webhook/testdata/github-commit-event-feature-branch.json @@ -0,0 +1,186 @@ +{ + "ref": "refs/heads/env/dev", + "before": "d5c1ffa8e294bc18c639bfb4e0df499251034414", + "after": "63738bb582c8b540af7bcfc18f87c575c3ed66e0", + "created": false, + "deleted": false, + "forced": true, + "base_ref": null, + "compare": "https://github.com/org/repo/compare/d5c1ffa8e294...63738bb582c8", + "commits": [ + { + "id": "63738bb582c8b540af7bcfc18f87c575c3ed66e0", + "tree_id": "64897da445207e409ad05af93b1f349ad0a4ee19", + "distinct": true, + "message": "Add staging-argocd-demo environment", + "timestamp": "2018-05-04T15:40:02-07:00", + "url": "https://github.com/org/repo/commit/63738bb582c8b540af7bcfc18f87c575c3ed66e0", + "author": { + "name": "Jesse Suen", + "email": "Jesse_Suen@example.com", + "username": "org" + }, + "committer": { + "name": "Jesse Suen", + "email": "Jesse_Suen@example.com", + "username": "org" + }, + "added": [ + "ksapps/test-app/environments/staging-argocd-demo/main.jsonnet", + "ksapps/test-app/environments/staging-argocd-demo/params.libsonnet" + ], + "removed": [ + + ], + "modified": [ + "ksapps/test-app/app.yaml" + ] + } + ], + "head_commit": { + "id": "63738bb582c8b540af7bcfc18f87c575c3ed66e0", + "tree_id": "64897da445207e409ad05af93b1f349ad0a4ee19", + "distinct": true, + "message": "Add staging-argocd-demo environment", + "timestamp": "2018-05-04T15:40:02-07:00", + "url": "https://github.com/org/repo/commit/63738bb582c8b540af7bcfc18f87c575c3ed66e0", + "author": { + "name": "Jesse Suen", + "email": "Jesse_Suen@example.com", + "username": "org" + }, + "committer": { + "name": "Jesse Suen", + "email": "Jesse_Suen@example.com", + "username": "org" + }, + "added": [ + "ksapps/test-app/environments/staging-argocd-demo/main.jsonnet", + "ksapps/test-app/environments/staging-argocd-demo/params.libsonnet" + ], + "removed": [ + + ], + "modified": [ + "ksapps/test-app/app.yaml" + ] + }, + "repository": { + "id": 123060978, + "name": "repo", + "full_name": "org/repo", + "owner": { + "name": "org", + "email": "org@users.noreply.github.com", + "login": "org", + "id": 12677113, + "avatar_url": "https://avatars0.githubusercontent.com/u/12677113?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/org", + "html_url": "https://github.com/org", + "followers_url": "https://api.github.com/users/org/followers", + "following_url": "https://api.github.com/users/org/following{/other_user}", + "gists_url": "https://api.github.com/users/org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/org/subscriptions", + "organizations_url": "https://api.github.com/users/org/orgs", + "repos_url": "https://api.github.com/users/org/repos", + "events_url": "https://api.github.com/users/org/events{/privacy}", + "received_events_url": "https://api.github.com/users/org/received_events", + "type": "User", + "site_admin": false + }, + "private": false, + "html_url": "https://github.com/org/repo", + "description": "Test Repository", + "fork": false, + "url": "https://github.com/org/repo", + "forks_url": "https://api.github.com/repos/org/repo/forks", + "keys_url": "https://api.github.com/repos/org/repo/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/org/repo/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/org/repo/teams", + "hooks_url": "https://api.github.com/repos/org/repo/hooks", + "issue_events_url": "https://api.github.com/repos/org/repo/issues/events{/number}", + "events_url": "https://api.github.com/repos/org/repo/events", + "assignees_url": "https://api.github.com/repos/org/repo/assignees{/user}", + "branches_url": "https://api.github.com/repos/org/repo/branches{/branch}", + "tags_url": "https://api.github.com/repos/org/repo/tags", + "blobs_url": "https://api.github.com/repos/org/repo/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/org/repo/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/org/repo/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/org/repo/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/org/repo/statuses/{sha}", + "languages_url": "https://api.github.com/repos/org/repo/languages", + "stargazers_url": "https://api.github.com/repos/org/repo/stargazers", + "contributors_url": "https://api.github.com/repos/org/repo/contributors", + "subscribers_url": "https://api.github.com/repos/org/repo/subscribers", + "subscription_url": "https://api.github.com/repos/org/repo/subscription", + "commits_url": "https://api.github.com/repos/org/repo/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/org/repo/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/org/repo/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/org/repo/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/org/repo/contents/{+path}", + "compare_url": "https://api.github.com/repos/org/repo/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/org/repo/merges", + "archive_url": "https://api.github.com/repos/org/repo/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/org/repo/downloads", + "issues_url": "https://api.github.com/repos/org/repo/issues{/number}", + "pulls_url": "https://api.github.com/repos/org/repo/pulls{/number}", + "milestones_url": "https://api.github.com/repos/org/repo/milestones{/number}", + "notifications_url": "https://api.github.com/repos/org/repo/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/org/repo/labels{/name}", + "releases_url": "https://api.github.com/repos/org/repo/releases{/id}", + "deployments_url": "https://api.github.com/repos/org/repo/deployments", + "created_at": 1519698615, + "updated_at": "2018-05-04T22:37:55Z", + "pushed_at": 1525473610, + "git_url": "git://github.com/org/repo.git", + "ssh_url": "git@github.com:org/repo.git", + "clone_url": "https://github.com/org/repo.git", + "svn_url": "https://github.com/org/repo", + "homepage": null, + "size": 538, + "stargazers_count": 0, + "watchers_count": 0, + "language": null, + "has_issues": true, + "has_projects": true, + "has_downloads": true, + "has_wiki": true, + "has_pages": false, + "forks_count": 1, + "mirror_url": null, + "archived": false, + "open_issues_count": 0, + "license": null, + "forks": 1, + "open_issues": 0, + "watchers": 0, + "default_branch": "master", + "stargazers": 0, + "master_branch": "master" + }, + "pusher": { + "name": "org", + "email": "org@users.noreply.github.com" + }, + "sender": { + "login": "org", + "id": 12677113, + "avatar_url": "https://avatars0.githubusercontent.com/u/12677113?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/org", + "html_url": "https://github.com/org", + "followers_url": "https://api.github.com/users/org/followers", + "following_url": "https://api.github.com/users/org/following{/other_user}", + "gists_url": "https://api.github.com/users/org/gists{/gist_id}", + "starred_url": "https://api.github.com/users/org/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/org/subscriptions", + "organizations_url": "https://api.github.com/users/org/orgs", + "repos_url": "https://api.github.com/users/org/repos", + "events_url": "https://api.github.com/users/org/events{/privacy}", + "received_events_url": "https://api.github.com/users/org/received_events", + "type": "User", + "site_admin": false + } + } \ No newline at end of file diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go index 30f1a2eb1ad0e..e1c5d63cdb440 100644 --- a/applicationset/webhook/webhook.go +++ b/applicationset/webhook/webhook.go @@ -2,7 +2,6 @@ package webhook import ( "context" - "errors" "fmt" "html" "net/http" @@ -10,6 +9,7 @@ import ( "regexp" "strconv" "strings" + "sync" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/util/retry" @@ -19,6 +19,7 @@ import ( "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" argosettings "github.com/argoproj/argo-cd/v2/util/settings" + "github.com/argoproj/argo-cd/v2/util/webhook" "github.com/go-playground/webhooks/v6/azuredevops" "github.com/go-playground/webhooks/v6/github" @@ -26,16 +27,17 @@ import ( log "github.com/sirupsen/logrus" ) -var errBasicAuthVerificationFailed = errors.New("basic auth verification failed") +const payloadQueueSize = 50000 type WebhookHandler struct { - namespace string - github *github.Webhook - gitlab *gitlab.Webhook - azuredevops *azuredevops.Webhook - azuredevopsAuthHandler func(r *http.Request) error - client client.Client - generators map[string]generators.Generator + sync.WaitGroup // for testing + namespace string + github *github.Webhook + gitlab *gitlab.Webhook + azuredevops *azuredevops.Webhook + client client.Client + generators map[string]generators.Generator + queue chan interface{} } type gitGeneratorInfo struct { @@ -66,7 +68,7 @@ type prGeneratorGitlabInfo struct { APIHostname string } -func NewWebhookHandler(namespace string, argocdSettingsMgr *argosettings.SettingsManager, client client.Client, generators map[string]generators.Generator) (*WebhookHandler, error) { +func NewWebhookHandler(namespace string, webhookParallelism int, argocdSettingsMgr *argosettings.SettingsManager, client client.Client, generators map[string]generators.Generator) (*WebhookHandler, error) { // register the webhook secrets stored under "argocd-secret" for verifying incoming payloads argocdSettings, err := argocdSettingsMgr.GetSettings() if err != nil { @@ -80,29 +82,40 @@ func NewWebhookHandler(namespace string, argocdSettingsMgr *argosettings.Setting if err != nil { return nil, fmt.Errorf("Unable to init GitLab webhook: %w", err) } - azuredevopsHandler, err := azuredevops.New() + azuredevopsHandler, err := azuredevops.New(azuredevops.Options.BasicAuth(argocdSettings.WebhookAzureDevOpsUsername, argocdSettings.WebhookAzureDevOpsPassword)) if err != nil { return nil, fmt.Errorf("Unable to init Azure DevOps webhook: %w", err) } - azuredevopsAuthHandler := func(r *http.Request) error { - if argocdSettings.WebhookAzureDevOpsUsername != "" && argocdSettings.WebhookAzureDevOpsPassword != "" { - username, password, ok := r.BasicAuth() - if !ok || username != argocdSettings.WebhookAzureDevOpsUsername || password != argocdSettings.WebhookAzureDevOpsPassword { - return errBasicAuthVerificationFailed - } - } - return nil + + webhookHandler := &WebhookHandler{ + namespace: namespace, + github: githubHandler, + gitlab: gitlabHandler, + azuredevops: azuredevopsHandler, + client: client, + generators: generators, + queue: make(chan interface{}, payloadQueueSize), } - return &WebhookHandler{ - namespace: namespace, - github: githubHandler, - gitlab: gitlabHandler, - azuredevops: azuredevopsHandler, - azuredevopsAuthHandler: azuredevopsAuthHandler, - client: client, - generators: generators, - }, nil + webhookHandler.startWorkerPool(webhookParallelism) + + return webhookHandler, nil +} + +func (h *WebhookHandler) startWorkerPool(webhookParallelism int) { + for i := 0; i < webhookParallelism; i++ { + h.Add(1) + go func() { + defer h.Done() + for { + payload, ok := <-h.queue + if !ok { + return + } + h.HandleEvent(payload) + } + }() + } } func (h *WebhookHandler) HandleEvent(payload interface{}) { @@ -153,13 +166,7 @@ func (h *WebhookHandler) Handler(w http.ResponseWriter, r *http.Request) { case r.Header.Get("X-Gitlab-Event") != "": payload, err = h.gitlab.Parse(r, gitlab.PushEvents, gitlab.TagEvents, gitlab.MergeRequestEvents) case r.Header.Get("X-Vss-Activityid") != "": - if err = h.azuredevopsAuthHandler(r); err != nil { - if errors.Is(err, errBasicAuthVerificationFailed) { - log.WithField(common.SecurityField, common.SecurityHigh).Infof("Azure DevOps webhook basic auth verification failed") - } - } else { - payload, err = h.azuredevops.Parse(r, azuredevops.GitPushEventType, azuredevops.GitPullRequestCreatedEventType, azuredevops.GitPullRequestUpdatedEventType, azuredevops.GitPullRequestMergedEventType) - } + payload, err = h.azuredevops.Parse(r, azuredevops.GitPushEventType, azuredevops.GitPullRequestCreatedEventType, azuredevops.GitPullRequestUpdatedEventType, azuredevops.GitPullRequestMergedEventType) default: log.Debug("Ignoring unknown webhook event") http.Error(w, "Unknown webhook event", http.StatusBadRequest) @@ -176,12 +183,12 @@ func (h *WebhookHandler) Handler(w http.ResponseWriter, r *http.Request) { return } - h.HandleEvent(payload) -} - -func parseRevision(ref string) string { - refParts := strings.SplitN(ref, "/", 3) - return refParts[len(refParts)-1] + select { + case h.queue <- payload: + default: + log.Info("Queue is full, discarding webhook payload") + http.Error(w, "Queue is full, discarding webhook payload", http.StatusServiceUnavailable) + } } func getGitGeneratorInfo(payload interface{}) *gitGeneratorInfo { @@ -193,16 +200,16 @@ func getGitGeneratorInfo(payload interface{}) *gitGeneratorInfo { switch payload := payload.(type) { case github.PushPayload: webURL = payload.Repository.HTMLURL - revision = parseRevision(payload.Ref) + revision = webhook.ParseRevision(payload.Ref) touchedHead = payload.Repository.DefaultBranch == revision case gitlab.PushEventPayload: webURL = payload.Project.WebURL - revision = parseRevision(payload.Ref) + revision = webhook.ParseRevision(payload.Ref) touchedHead = payload.Project.DefaultBranch == revision case azuredevops.GitPushEvent: // See: https://learn.microsoft.com/en-us/azure/devops/service-hooks/events?view=azure-devops#git.push webURL = payload.Resource.Repository.RemoteURL - revision = parseRevision(payload.Resource.RefUpdates[0].Name) + revision = webhook.ParseRevision(payload.Resource.RefUpdates[0].Name) touchedHead = payload.Resource.RefUpdates[0].Name == payload.Resource.Repository.DefaultBranch // unfortunately, Azure DevOps doesn't provide a list of changed files default: @@ -362,12 +369,12 @@ func shouldRefreshPluginGenerator(gen *v1alpha1.PluginGenerator) bool { } func genRevisionHasChanged(gen *v1alpha1.GitGenerator, revision string, touchedHead bool) bool { - targetRev := parseRevision(gen.Revision) + targetRev := webhook.ParseRevision(gen.Revision) if targetRev == "HEAD" || targetRev == "" { // revision is head return touchedHead } - return targetRev == revision + return targetRev == revision || gen.Revision == revision } func gitGeneratorUsesURL(gen *v1alpha1.GitGenerator, webURL string, repoRegexp *regexp.Regexp) bool { diff --git a/applicationset/webhook/webhook_test.go b/applicationset/webhook/webhook_test.go index 14fc5ce68503b..046bbf35f09ab 100644 --- a/applicationset/webhook/webhook_test.go +++ b/applicationset/webhook/webhook_test.go @@ -67,6 +67,15 @@ func TestWebhookHandler(t *testing.T) { expectedStatusCode: http.StatusOK, expectedRefresh: true, }, + { + desc: "WebHook from a GitHub repository via Commit shorthand", + headerKey: "X-GitHub-Event", + headerValue: "push", + payloadFile: "github-commit-event-feature-branch.json", + effectedAppSets: []string{"github-shorthand", "matrix-pull-request-github-plugin", "plugin"}, + expectedStatusCode: http.StatusOK, + expectedRefresh: true, + }, { desc: "WebHook from a GitHub repository via Commit to branch", headerKey: "X-GitHub-Event", @@ -178,6 +187,7 @@ func TestWebhookHandler(t *testing.T) { } namespace := "test" + webhookParallelism := 10 fakeClient := newFakeClient(namespace) scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) @@ -191,6 +201,7 @@ func TestWebhookHandler(t *testing.T) { fakeAppWithGitGenerator("git-github", namespace, "https://github.com/org/repo"), fakeAppWithGitGenerator("git-gitlab", namespace, "https://gitlab/group/name"), fakeAppWithGitGenerator("git-azure-devops", namespace, "https://dev.azure.com/fabrikam-fiber-inc/DefaultCollection/_git/Fabrikam-Fiber-Git"), + fakeAppWithGitGeneratorWithRevision("github-shorthand", namespace, "https://github.com/org/repo", "env/dev"), fakeAppWithGithubPullRequestGenerator("pull-request-github", namespace, "CodErTOcat", "Hello-World"), fakeAppWithGitlabPullRequestGenerator("pull-request-gitlab", namespace, "100500"), fakeAppWithAzureDevOpsPullRequestGenerator("pull-request-azure-devops", namespace, "DefaultCollection", "Fabrikam"), @@ -206,7 +217,7 @@ func TestWebhookHandler(t *testing.T) { fakeAppWithMergeAndNestedGitGenerator("merge-nested-git-github", namespace, "https://github.com/org/repo"), ).Build() set := argosettings.NewSettingsManager(context.TODO(), fakeClient, namespace) - h, err := NewWebhookHandler(namespace, set, fc, mockGenerators()) + h, err := NewWebhookHandler(namespace, webhookParallelism, set, fc, mockGenerators()) require.NoError(t, err) req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) @@ -217,6 +228,8 @@ func TestWebhookHandler(t *testing.T) { w := httptest.NewRecorder() h.Handler(w, req) + close(h.queue) + h.Wait() assert.Equal(t, test.expectedStatusCode, w.Code) list := &v1alpha1.ApplicationSetList{} @@ -299,14 +312,62 @@ func mockGenerators() map[string]generators.Generator { } func TestGenRevisionHasChanged(t *testing.T) { - assert.True(t, genRevisionHasChanged(&v1alpha1.GitGenerator{}, "master", true)) - assert.False(t, genRevisionHasChanged(&v1alpha1.GitGenerator{}, "master", false)) - - assert.True(t, genRevisionHasChanged(&v1alpha1.GitGenerator{Revision: "dev"}, "dev", true)) - assert.False(t, genRevisionHasChanged(&v1alpha1.GitGenerator{Revision: "dev"}, "master", false)) - - assert.True(t, genRevisionHasChanged(&v1alpha1.GitGenerator{Revision: "refs/heads/dev"}, "dev", true)) - assert.False(t, genRevisionHasChanged(&v1alpha1.GitGenerator{Revision: "refs/heads/dev"}, "master", false)) + type args struct { + gen *v1alpha1.GitGenerator + revision string + touchedHead bool + } + tests := []struct { + name string + args args + want bool + }{ + {name: "touchedHead", args: args{ + gen: &v1alpha1.GitGenerator{}, + revision: "main", + touchedHead: true, + }, want: true}, + {name: "didntTouchHead", args: args{ + gen: &v1alpha1.GitGenerator{}, + revision: "main", + touchedHead: false, + }, want: false}, + {name: "foundEqualShort", args: args{ + gen: &v1alpha1.GitGenerator{Revision: "dev"}, + revision: "dev", + touchedHead: true, + }, want: true}, + {name: "foundEqualLongGen", args: args{ + gen: &v1alpha1.GitGenerator{Revision: "refs/heads/dev"}, + revision: "dev", + touchedHead: true, + }, want: true}, + {name: "foundNotEqualLongGen", args: args{ + gen: &v1alpha1.GitGenerator{Revision: "refs/heads/dev"}, + revision: "main", + touchedHead: true, + }, want: false}, + {name: "foundNotEqualShort", args: args{ + gen: &v1alpha1.GitGenerator{Revision: "dev"}, + revision: "main", + touchedHead: false, + }, want: false}, + {name: "foundEqualTag", args: args{ + gen: &v1alpha1.GitGenerator{Revision: "v3.14.1"}, + revision: "v3.14.1", + touchedHead: false, + }, want: true}, + {name: "foundEqualTagLongGen", args: args{ + gen: &v1alpha1.GitGenerator{Revision: "refs/tags/v3.14.1"}, + revision: "v3.14.1", + touchedHead: false, + }, want: true}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equalf(t, tt.want, genRevisionHasChanged(tt.args.gen, tt.args.revision, tt.args.touchedHead), "genRevisionHasChanged(%v, %v, %v)", tt.args.gen, tt.args.revision, tt.args.touchedHead) + }) + } } func fakeAppWithGitGenerator(name, namespace, repo string) *v1alpha1.ApplicationSet { @@ -328,6 +389,12 @@ func fakeAppWithGitGenerator(name, namespace, repo string) *v1alpha1.Application } } +func fakeAppWithGitGeneratorWithRevision(name, namespace, repo, revision string) *v1alpha1.ApplicationSet { + appSet := fakeAppWithGitGenerator(name, namespace, repo) + appSet.Spec.Generators[0].Git.Revision = revision + return appSet +} + func fakeAppWithGitlabPullRequestGenerator(name, namespace, projectId string) *v1alpha1.ApplicationSet { return &v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -708,7 +775,7 @@ func fakeAppWithMatrixAndPullRequestGeneratorWithPluginGenerator(name, namespace func newFakeClient(ns string) *kubefake.Clientset { s := runtime.NewScheme() s.AddKnownTypes(v1alpha1.SchemeGroupVersion, &v1alpha1.ApplicationSet{}) - return kubefake.NewSimpleClientset(&corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "argocd-cm", Namespace: ns, Labels: map[string]string{ + return kubefake.NewClientset(&corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "argocd-cm", Namespace: ns, Labels: map[string]string{ "app.kubernetes.io/part-of": "argocd", }}}, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ diff --git a/assets/builtin-policy.csv b/assets/builtin-policy.csv index 9413b53d1cba5..81c8ca5092cb4 100644 --- a/assets/builtin-policy.csv +++ b/assets/builtin-policy.csv @@ -1,10 +1,10 @@ # Built-in policy which defines two roles: role:readonly and role:admin, # and additionally assigns the admin user to the role:admin role. # There are two policy formats: -# 1. Applications, logs, and exec (which belong to a project): -# p, , , , / +# 1. Applications, applicationsets, logs, and exec (which belong to a project): +# p, , , , /, # 2. All other resources: -# p, , , , +# p, , , , , p, role:readonly, applications, get, */*, allow p, role:readonly, certificates, get, *, allow diff --git a/assets/swagger.json b/assets/swagger.json index 818488ca7383d..385d1ef4fd408 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -2083,6 +2083,11 @@ "type": "boolean", "name": "upsert", "in": "query" + }, + { + "type": "boolean", + "name": "dryRun", + "in": "query" } ], "responses": { @@ -2101,6 +2106,39 @@ } } }, + "/api/v1/applicationsets/generate": { + "post": { + "tags": [ + "ApplicationSetService" + ], + "summary": "Generate generates", + "operationId": "ApplicationSetService_Generate", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/applicationsetApplicationSetGenerateRequest" + } + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/applicationsetApplicationSetGenerateResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, "/api/v1/applicationsets/{name}": { "get": { "tags": [ @@ -4652,6 +4690,27 @@ } } }, + "applicationsetApplicationSetGenerateRequest": { + "type": "object", + "title": "ApplicationSetGetQuery is a query for applicationset resources", + "properties": { + "applicationSet": { + "$ref": "#/definitions/v1alpha1ApplicationSet" + } + } + }, + "applicationsetApplicationSetGenerateResponse": { + "type": "object", + "title": "ApplicationSetGenerateResponse is a response for applicationset generate request", + "properties": { + "applications": { + "type": "array", + "items": { + "$ref": "#/definitions/v1alpha1Application" + } + } + } + }, "applicationsetApplicationSetResponse": { "type": "object", "properties": { @@ -4677,6 +4736,43 @@ } } }, + "applicationv1alpha1ResourceStatus": { + "type": "object", + "title": "ResourceStatus holds the current sync and health status of a resource\nTODO: describe members of this type", + "properties": { + "group": { + "type": "string" + }, + "health": { + "$ref": "#/definitions/v1alpha1HealthStatus" + }, + "hook": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "requiresPruning": { + "type": "boolean" + }, + "status": { + "type": "string" + }, + "syncWave": { + "type": "integer", + "format": "int64" + }, + "version": { + "type": "string" + } + } + }, "clusterClusterID": { "type": "object", "title": "ClusterID holds a cluster server URL or cluster name", @@ -4821,6 +4917,12 @@ "help": { "$ref": "#/definitions/clusterHelp" }, + "impersonationEnabled": { + "type": "boolean" + }, + "installationID": { + "type": "string" + }, "kustomizeOptions": { "$ref": "#/definitions/v1alpha1KustomizeOptions" }, @@ -5266,6 +5368,13 @@ "applicationVersions": { "$ref": "#/definitions/repositoryApplicationVersions" }, + "commands": { + "type": "array", + "title": "Commands is the list of commands used to hydrate the manifests", + "items": { + "type": "string" + } + }, "commitAuthor": { "type": "string" }, @@ -5691,7 +5800,7 @@ "properties": { "matchExpressions": { "type": "array", - "title": "matchExpressions is a list of label selector requirements. The requirements are ANDed.\n+optional", + "title": "matchExpressions is a list of label selector requirements. The requirements are ANDed.\n+optional\n+listType=atomic", "items": { "$ref": "#/definitions/v1LabelSelectorRequirement" } @@ -5719,7 +5828,7 @@ }, "values": { "type": "array", - "title": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.\n+optional", + "title": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.\n+optional\n+listType=atomic", "items": { "type": "string" } @@ -5843,7 +5952,7 @@ "type": "string" }, "kubeProxyVersion": { - "description": "KubeProxy Version reported by the node.", + "description": "Deprecated: KubeProxy Version reported by the node.", "type": "string" }, "kubeletVersion": { @@ -5892,7 +6001,7 @@ }, "finalizers": { "type": "array", - "title": "Must be empty before the object is deleted from the registry. Each entry\nis an identifier for the responsible component that will remove the entry\nfrom the list. If the deletionTimestamp of the object is non-nil, entries\nin this list can only be removed.\nFinalizers may be processed and removed in any order. Order is NOT enforced\nbecause it introduces significant risk of stuck finalizers.\nfinalizers is a shared field, any actor with permission can reorder it.\nIf the finalizer list is processed in order, then this can lead to a situation\nin which the component responsible for the first finalizer in the list is\nwaiting for a signal (field value, external system, or other) produced by a\ncomponent responsible for a finalizer later in the list, resulting in a deadlock.\nWithout enforced ordering finalizers are free to order amongst themselves and\nare not vulnerable to ordering changes in the list.\n+optional\n+patchStrategy=merge", + "title": "Must be empty before the object is deleted from the registry. Each entry\nis an identifier for the responsible component that will remove the entry\nfrom the list. If the deletionTimestamp of the object is non-nil, entries\nin this list can only be removed.\nFinalizers may be processed and removed in any order. Order is NOT enforced\nbecause it introduces significant risk of stuck finalizers.\nfinalizers is a shared field, any actor with permission can reorder it.\nIf the finalizer list is processed in order, then this can lead to a situation\nin which the component responsible for the first finalizer in the list is\nwaiting for a signal (field value, external system, or other) produced by a\ncomponent responsible for a finalizer later in the list, resulting in a deadlock.\nWithout enforced ordering finalizers are free to order amongst themselves and\nare not vulnerable to ordering changes in the list.\n+optional\n+patchStrategy=merge\n+listType=set", "items": { "type": "string" } @@ -5914,7 +6023,7 @@ } }, "managedFields": { - "description": "ManagedFields maps workflow-id and version to the set of fields\nthat are managed by that workflow. This is mostly for internal\nhousekeeping, and users typically shouldn't need to set or\nunderstand this field. A workflow can be the user's name, a\ncontroller's name, or the name of a specific apply path like\n\"ci-cd\". The set of fields is always in the version that the\nworkflow used when modifying the object.\n\n+optional", + "description": "ManagedFields maps workflow-id and version to the set of fields\nthat are managed by that workflow. This is mostly for internal\nhousekeeping, and users typically shouldn't need to set or\nunderstand this field. A workflow can be the user's name, a\ncontroller's name, or the name of a specific apply path like\n\"ci-cd\". The set of fields is always in the version that the\nworkflow used when modifying the object.\n\n+optional\n+listType=atomic", "type": "array", "items": { "$ref": "#/definitions/v1ManagedFieldsEntry" @@ -5930,7 +6039,7 @@ }, "ownerReferences": { "type": "array", - "title": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.\n+optional\n+patchMergeKey=uid\n+patchStrategy=merge", + "title": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.\n+optional\n+patchMergeKey=uid\n+patchStrategy=merge\n+listType=map\n+listMapKey=uid", "items": { "$ref": "#/definitions/v1OwnerReference" } @@ -6106,6 +6215,13 @@ "type": "string", "title": "Description contains optional project description" }, + "destinationServiceAccounts": { + "description": "DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination.", + "type": "array", + "items": { + "$ref": "#/definitions/v1alpha1ApplicationDestinationServiceAccount" + } + }, "destinations": { "type": "array", "title": "Destinations contains list of destinations available for deployment", @@ -6237,6 +6353,24 @@ } } }, + "v1alpha1ApplicationDestinationServiceAccount": { + "description": "ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation.", + "type": "object", + "properties": { + "defaultServiceAccount": { + "type": "string", + "title": "DefaultServiceAccount to be used for impersonation during the sync operation" + }, + "namespace": { + "description": "Namespace specifies the target namespace for the application's resources.", + "type": "string" + }, + "server": { + "description": "Server specifies the URL of the target cluster's Kubernetes control plane API.", + "type": "string" + } + } + }, "v1alpha1ApplicationList": { "type": "object", "title": "ApplicationList is list of Application resources\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object", @@ -6561,7 +6695,7 @@ "description": "Resources is a list of Applications resources managed by this application set.", "type": "array", "items": { - "$ref": "#/definitions/v1alpha1ResourceStatus" + "$ref": "#/definitions/applicationv1alpha1ResourceStatus" } } } @@ -6710,6 +6844,13 @@ "type": "object", "title": "ApplicationSourceHelm holds helm specific options", "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "type": "array", + "items": { + "type": "string" + } + }, "fileParameters": { "type": "array", "title": "FileParameters are file parameters to the helm template", @@ -6721,6 +6862,14 @@ "type": "boolean", "title": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, "parameters": { "type": "array", "title": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", @@ -6791,6 +6940,13 @@ "type": "object", "title": "ApplicationSourceKustomize holds options specific to an Application source specific to Kustomize", "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "type": "array", + "items": { + "type": "string" + } + }, "commonAnnotations": { "type": "object", "title": "CommonAnnotations is a list of additional annotations to add to rendered manifests", @@ -6835,6 +6991,10 @@ "type": "string" } }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, "labelWithoutSelector": { "type": "boolean", "title": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" @@ -7006,7 +7166,7 @@ "type": "array", "title": "Resources is a list of Kubernetes resources managed by this application", "items": { - "$ref": "#/definitions/v1alpha1ResourceStatus" + "$ref": "#/definitions/applicationv1alpha1ResourceStatus" } }, "sourceType": { @@ -7072,6 +7232,11 @@ "items": { "$ref": "#/definitions/v1alpha1ResourceNode" } + }, + "shardsCount": { + "type": "integer", + "format": "int64", + "title": "ShardsCount contains total number of shards the application tree is split into" } } }, @@ -7119,6 +7284,15 @@ } } }, + "v1alpha1BearerTokenBitbucket": { + "description": "BearerTokenBitbucket defines the Bearer token for BitBucket AppToken auth.", + "type": "object", + "properties": { + "tokenRef": { + "$ref": "#/definitions/v1alpha1SecretRef" + } + } + }, "v1alpha1BearerTokenBitbucketCloud": { "description": "BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth.", "type": "object", @@ -7389,6 +7563,18 @@ } } }, + "v1alpha1ConfigMapKeyRef": { + "description": "Utility struct for a reference to a configmap key.", + "type": "object", + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + } + }, "v1alpha1ConnectionState": { "type": "object", "title": "ConnectionState contains information about remote resource connection state, currently used for clusters and repositories", @@ -8216,6 +8402,16 @@ "basicAuth": { "$ref": "#/definitions/v1alpha1BasicAuthBitbucketServer" }, + "bearerToken": { + "$ref": "#/definitions/v1alpha1BearerTokenBitbucket" + }, + "caRef": { + "$ref": "#/definitions/v1alpha1ConfigMapKeyRef" + }, + "insecure": { + "type": "boolean", + "title": "Allow self-signed TLS / Certificates; default: false" + }, "project": { "description": "Project to scan. Required.", "type": "string" @@ -8246,6 +8442,9 @@ "description": "The GitLab API URL to talk to. If blank, uses https://gitlab.com/.", "type": "string" }, + "caRef": { + "$ref": "#/definitions/v1alpha1ConfigMapKeyRef" + }, "insecure": { "type": "boolean", "title": "Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false" @@ -8361,6 +8560,10 @@ "type": "string", "title": "GithubAppPrivateKey specifies the private key PEM data for authentication via GitHub app" }, + "noProxy": { + "type": "string", + "title": "NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied" + }, "password": { "type": "string", "title": "Password for authenticating at the repo server" @@ -8467,6 +8670,10 @@ "type": "string", "title": "Name specifies a name to be used for this repo. Only used with Helm repos" }, + "noProxy": { + "type": "string", + "title": "NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied" + }, "password": { "type": "string", "title": "Password contains the password or PAT used for authenticating at the remote repository" @@ -8878,43 +9085,6 @@ } } }, - "v1alpha1ResourceStatus": { - "type": "object", - "title": "ResourceStatus holds the current sync and health status of a resource\nTODO: describe members of this type", - "properties": { - "group": { - "type": "string" - }, - "health": { - "$ref": "#/definitions/v1alpha1HealthStatus" - }, - "hook": { - "type": "boolean" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "requiresPruning": { - "type": "boolean" - }, - "status": { - "type": "string" - }, - "syncWave": { - "type": "integer", - "format": "int64" - }, - "version": { - "type": "string" - } - } - }, "v1alpha1RetryStrategy": { "type": "object", "title": "RetryStrategy contains information about the strategy to apply when a sync failed", @@ -9137,6 +9307,16 @@ "basicAuth": { "$ref": "#/definitions/v1alpha1BasicAuthBitbucketServer" }, + "bearerToken": { + "$ref": "#/definitions/v1alpha1BearerTokenBitbucket" + }, + "caRef": { + "$ref": "#/definitions/v1alpha1ConfigMapKeyRef" + }, + "insecure": { + "type": "boolean", + "title": "Allow self-signed TLS / Certificates; default: false" + }, "project": { "description": "Project to scan. Required.", "type": "string" @@ -9237,6 +9417,9 @@ "description": "The Gitlab API URL to talk to.", "type": "string" }, + "caRef": { + "$ref": "#/definitions/v1alpha1ConfigMapKeyRef" + }, "group": { "description": "Gitlab group to scan. Required. You can use either the project id (recommended) or the full namespaced path.", "type": "string" @@ -9288,6 +9471,11 @@ "description": "SyncOperation contains details about a sync operation.", "type": "object", "properties": { + "autoHealAttemptsCount": { + "type": "integer", + "format": "int64", + "title": "SelfHealAttemptsCount contains the number of auto-heal attempts" + }, "dryRun": { "type": "boolean", "title": "DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync" diff --git a/changelog/CHANGELOG.md b/changelog/CHANGELOG.md index f26d54ef9a0d6..bea00bb161dbc 100644 --- a/changelog/CHANGELOG.md +++ b/changelog/CHANGELOG.md @@ -1,2 +1,2 @@ ### Features -- feat(event-reporter): multisourced apps support improvements: reporting syncOperationRevisions, detecting correct resource sourceIdx, reporting correct git commit info \ No newline at end of file +- chore(argo-cd): upgraded core to argo-cd OSS (2.13.3) \ No newline at end of file diff --git a/cmd/argocd-application-controller/commands/argocd_application_controller.go b/cmd/argocd-application-controller/commands/argocd_application_controller.go index 5d7fd803e7aca..0468e4fd473dc 100644 --- a/cmd/argocd-application-controller/commands/argocd_application_controller.go +++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go @@ -4,12 +4,16 @@ import ( "context" "fmt" "math" + "os" + "os/signal" + "syscall" "time" "github.com/argoproj/pkg/stats" "github.com/redis/go-redis/v9" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" + "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" @@ -21,6 +25,7 @@ import ( appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" "github.com/argoproj/argo-cd/v2/pkg/ratelimiter" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/argo/normalizers" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" @@ -53,12 +58,16 @@ func NewCommand() *cobra.Command { repoServerAddress string repoServerTimeoutSeconds int selfHealTimeoutSeconds int + selfHealBackoffTimeoutSeconds int + selfHealBackoffFactor int + selfHealBackoffCapSeconds int statusProcessors int operationProcessors int glogLevel int metricsPort int metricsCacheExpiration time.Duration metricsAplicationLabels []string + metricsAplicationConditions []string kubectlParallelismLimit int64 cacheSource func() (*appstatecache.Cache, error) redisClient *redis.Client @@ -74,6 +83,9 @@ func NewCommand() *cobra.Command { enableDynamicClusterDistribution bool serverSideDiff bool ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts + + // argocd k8s event logging flag + enableK8sEvent []string ) command := cobra.Command{ Use: cliName, @@ -148,6 +160,14 @@ func NewCommand() *cobra.Command { kubectl := kubeutil.NewKubectl() clusterSharding, err := sharding.GetClusterSharding(kubeClient, settingsMgr, shardingAlgorithm, enableDynamicClusterDistribution) errors.CheckError(err) + var selfHealBackoff *wait.Backoff + if selfHealBackoffTimeoutSeconds != 0 { + selfHealBackoff = &wait.Backoff{ + Duration: time.Duration(selfHealBackoffTimeoutSeconds) * time.Second, + Factor: float64(selfHealBackoffFactor), + Cap: time.Duration(selfHealBackoffCapSeconds) * time.Second, + } + } appController, err = controller.NewApplicationController( namespace, settingsMgr, @@ -160,10 +180,12 @@ func NewCommand() *cobra.Command { hardResyncDuration, time.Duration(appResyncJitter)*time.Second, time.Duration(selfHealTimeoutSeconds)*time.Second, + selfHealBackoff, time.Duration(repoErrorGracePeriod)*time.Second, metricsPort, metricsCacheExpiration, metricsAplicationLabels, + metricsAplicationConditions, kubectlParallelismLimit, persistResourceHealth, clusterSharding, @@ -172,6 +194,7 @@ func NewCommand() *cobra.Command { serverSideDiff, enableDynamicClusterDistribution, ignoreNormalizerOpts, + enableK8sEvent, ) errors.CheckError(err) cacheutil.CollectMetrics(redisClient, appController.GetMetricsServer()) @@ -188,10 +211,22 @@ func NewCommand() *cobra.Command { defer closeTracer() } + // Graceful shutdown code + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM) + go func() { + s := <-sigCh + log.Printf("got signal %v, attempting graceful shutdown", s) + cancel() + }() + go appController.Run(ctx, statusProcessors, operationProcessors) - // Wait forever - select {} + <-ctx.Done() + + log.Println("clean shutdown") + + return nil }, } @@ -209,11 +244,15 @@ func NewCommand() *cobra.Command { command.Flags().IntVar(&glogLevel, "gloglevel", 0, "Set the glog logging level") command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDMetrics, "Start metrics server on given port") command.Flags().DurationVar(&metricsCacheExpiration, "metrics-cache-expiration", env.ParseDurationFromEnv("ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION", 0*time.Second, 0, math.MaxInt64), "Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s)") - command.Flags().IntVar(&selfHealTimeoutSeconds, "self-heal-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS", 5, 0, math.MaxInt32), "Specifies timeout between application self heal attempts") + command.Flags().IntVar(&selfHealTimeoutSeconds, "self-heal-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS", 0, 0, math.MaxInt32), "Specifies timeout between application self heal attempts") + command.Flags().IntVar(&selfHealBackoffTimeoutSeconds, "self-heal-backoff-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS", 2, 0, math.MaxInt32), "Specifies initial timeout of exponential backoff between self heal attempts") + command.Flags().IntVar(&selfHealBackoffFactor, "self-heal-backoff-factor", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR", 3, 0, math.MaxInt32), "Specifies factor of exponential timeout between application self heal attempts") + command.Flags().IntVar(&selfHealBackoffCapSeconds, "self-heal-backoff-cap-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS", 300, 0, math.MaxInt32), "Specifies max timeout of exponential backoff between application self heal attempts") command.Flags().Int64Var(&kubectlParallelismLimit, "kubectl-parallelism-limit", env.ParseInt64FromEnv("ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT", 20, 0, math.MaxInt64), "Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit.") command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Disable TLS on connections to repo server") command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server") command.Flags().StringSliceVar(&metricsAplicationLabels, "metrics-application-labels", []string{}, "List of Application labels that will be added to the argocd_application_labels metric") + command.Flags().StringSliceVar(&metricsAplicationConditions, "metrics-application-conditions", []string{}, "List of Application conditions that will be added to the argocd_application_conditions metric") command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().BoolVar(&otlpInsecure, "otlp-insecure", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE", true), "OpenTelemetry collector insecure mode") command.Flags().StringToStringVar(&otlpHeaders, "otlp-headers", env.ParseStringToStringFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS", map[string]string{}, ","), "List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2)") @@ -233,6 +272,9 @@ func NewCommand() *cobra.Command { command.Flags().BoolVar(&enableDynamicClusterDistribution, "dynamic-cluster-distribution-enabled", env.ParseBoolFromEnv(common.EnvEnableDynamicClusterDistribution, false), "Enables dynamic cluster distribution.") command.Flags().BoolVar(&serverSideDiff, "server-side-diff-enabled", env.ParseBoolFromEnv(common.EnvServerSideDiff, false), "Feature flag to enable ServerSide diff. Default (\"false\")") command.Flags().DurationVar(&ignoreNormalizerOpts.JQExecutionTimeout, "ignore-normalizer-jq-execution-timeout-seconds", env.ParseDurationFromEnv("ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT", 0*time.Second, 0, math.MaxInt64), "Set ignore normalizer JQ execution timeout") + // argocd k8s event logging flag + command.Flags().StringSliceVar(&enableK8sEvent, "enable-k8s-event", env.StringsFromEnv("ARGOCD_ENABLE_K8S_EVENT", argo.DefaultEnableEventList(), ","), "Enable ArgoCD to use k8s event. For disabling all events, set the value as `none`. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated)") + cacheSource = appstatecache.AddCacheFlagsToCmd(&command, cacheutil.Options{ OnClientCreated: func(client *redis.Client) { redisClient = client diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index 12eed122e3990..d2f4ce36d98cf 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -12,6 +12,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + logutils "github.com/argoproj/argo-cd/v2/util/log" "github.com/argoproj/argo-cd/v2/util/tls" "github.com/argoproj/argo-cd/v2/applicationset/controllers" @@ -34,6 +35,7 @@ import ( ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + appsetmetrics "github.com/argoproj/argo-cd/v2/applicationset/metrics" "github.com/argoproj/argo-cd/v2/applicationset/services" appv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" @@ -68,7 +70,9 @@ func NewCommand() *cobra.Command { allowedScmProviders []string globalPreservedAnnotations []string globalPreservedLabels []string + metricsAplicationsetLabels []string enableScmProviders bool + webhookParallelism int ) scheme := runtime.NewScheme() _ = clientgoscheme.AddToScheme(scheme) @@ -94,6 +98,8 @@ func NewCommand() *cobra.Command { cli.SetLogFormat(cmdutil.LogFormat) cli.SetLogLevel(cmdutil.LogLevel) + ctrl.SetLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())) + restConfig, err := clientConfig.ClientConfig() errors.CheckError(err) @@ -126,7 +132,14 @@ func NewCommand() *cobra.Command { } } - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + cfg := ctrl.GetConfigOrDie() + err = appv1alpha1.SetK8SConfigDefaults(cfg) + if err != nil { + log.Error(err, "Unable to apply K8s REST config defaults") + os.Exit(1) + } + + mgr, err := ctrl.NewManager(cfg, ctrl.Options{ Scheme: scheme, Metrics: metricsserver.Options{ BindAddress: metricsAddr, @@ -152,13 +165,11 @@ func NewCommand() *cobra.Command { appSetConfig := appclientset.NewForConfigOrDie(mgr.GetConfig()) argoCDDB := db.NewDB(namespace, argoSettingsMgr, k8sClient) - scmAuth := generators.SCMAuthProviders{ - GitHubApps: github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB)), - } + scmConfig := generators.NewSCMConfig(scmRootCAPath, allowedScmProviders, enableScmProviders, github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB))) tlsConfig := apiclient.TLSConfiguration{ DisableTLS: repoServerPlaintext, - StrictValidation: repoServerPlaintext, + StrictValidation: repoServerStrictTLS, } if !repoServerPlaintext && repoServerStrictTLS { @@ -174,42 +185,10 @@ func NewCommand() *cobra.Command { argoCDService, err := services.NewArgoCDService(argoCDDB.GetRepository, gitSubmoduleEnabled, repoClientset, enableNewGitFileGlobbing) errors.CheckError(err) - terminalGenerators := map[string]generators.Generator{ - "List": generators.NewListGenerator(), - "Clusters": generators.NewClusterGenerator(mgr.GetClient(), ctx, k8sClient, namespace), - "Git": generators.NewGitGenerator(argoCDService, namespace), - "SCMProvider": generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders, enableScmProviders), - "ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace), - "PullRequest": generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders, enableScmProviders), - "Plugin": generators.NewPluginGenerator(mgr.GetClient(), ctx, k8sClient, namespace), - } - - nestedGenerators := map[string]generators.Generator{ - "List": terminalGenerators["List"], - "Clusters": terminalGenerators["Clusters"], - "Git": terminalGenerators["Git"], - "SCMProvider": terminalGenerators["SCMProvider"], - "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], - "PullRequest": terminalGenerators["PullRequest"], - "Plugin": terminalGenerators["Plugin"], - "Matrix": generators.NewMatrixGenerator(terminalGenerators), - "Merge": generators.NewMergeGenerator(terminalGenerators), - } - - topLevelGenerators := map[string]generators.Generator{ - "List": terminalGenerators["List"], - "Clusters": terminalGenerators["Clusters"], - "Git": terminalGenerators["Git"], - "SCMProvider": terminalGenerators["SCMProvider"], - "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], - "PullRequest": terminalGenerators["PullRequest"], - "Plugin": terminalGenerators["Plugin"], - "Matrix": generators.NewMatrixGenerator(nestedGenerators), - "Merge": generators.NewMergeGenerator(nestedGenerators), - } + topLevelGenerators := generators.GetGenerators(ctx, mgr.GetClient(), k8sClient, namespace, argoCDService, dynamicClient, scmConfig) // start a webhook server that listens to incoming webhook payloads - webhookHandler, err := webhook.NewWebhookHandler(namespace, argoSettingsMgr, mgr.GetClient(), topLevelGenerators) + webhookHandler, err := webhook.NewWebhookHandler(namespace, webhookParallelism, argoSettingsMgr, mgr.GetClient(), topLevelGenerators) if err != nil { log.Error(err, "failed to create webhook handler") } @@ -217,6 +196,13 @@ func NewCommand() *cobra.Command { startWebhookServer(webhookHandler, webhookAddr) } + metrics := appsetmetrics.NewApplicationsetMetrics( + utils.NewAppsetLister(mgr.GetClient()), + metricsAplicationsetLabels, + func(appset *appv1alpha1.ApplicationSet) bool { + return utils.IsNamespaceAllowed(applicationSetNamespaces, appset.Namespace) + }) + if err = (&controllers.ApplicationSetReconciler{ Generators: topLevelGenerators, Client: mgr.GetClient(), @@ -234,6 +220,7 @@ func NewCommand() *cobra.Command { SCMRootCAPath: scmRootCAPath, GlobalPreservedAnnotations: globalPreservedAnnotations, GlobalPreservedLabels: globalPreservedLabels, + Metrics: &metrics, }).SetupWithManager(mgr, enableProgressiveSyncs, maxConcurrentReconciliations); err != nil { log.Error(err, "unable to create controller", "controller", "ApplicationSet") os.Exit(1) @@ -257,7 +244,7 @@ func NewCommand() *cobra.Command { "Enabling this will ensure there is only one active controller manager.") command.Flags().StringSliceVar(&applicationSetNamespaces, "applicationset-namespaces", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES", []string{}, ","), "Argo CD applicationset namespaces") command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER", common.DefaultRepoServerAddr), "Argo CD repo server address") - command.Flags().StringVar(&policy, "policy", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_POLICY", ""), "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)") + command.Flags().StringVar(&policy, "policy", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_POLICY", ""), "Modify how application is synced between the generator and the cluster. Default is '' (empty), which means AppSets default to 'sync', but they may override that default. Setting an explicit value prevents AppSet-level overrides, unless --allow-policy-override is enabled. Explicit options are: 'sync' (create & update & delete), 'create-only', 'create-update' (no deletion), 'create-delete' (no update)") command.Flags().BoolVar(&enablePolicyOverride, "enable-policy-override", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE", policy == ""), "For security reason if 'policy' is set, it is not possible to override it at applicationSet level. 'allow-policy-override' allows user to define their own policy") command.Flags().BoolVar(&debugLog, "debug", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG", false), "Print debug logs. Takes precedence over loglevel") command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") @@ -274,6 +261,8 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&scmRootCAPath, "scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates") command.Flags().StringSliceVar(&globalPreservedAnnotations, "preserved-annotations", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS", []string{}, ","), "Sets global preserved field values for annotations") command.Flags().StringSliceVar(&globalPreservedLabels, "preserved-labels", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS", []string{}, ","), "Sets global preserved field values for labels") + command.Flags().IntVar(&webhookParallelism, "webhook-parallelism-limit", env.ParseNumFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT", 50, 1, 1000), "Number of webhook requests processed concurrently") + command.Flags().StringSliceVar(&metricsAplicationsetLabels, "metrics-applicationset-labels", []string{}, "List of Application labels that will be added to the argocd_applicationset_labels metric") return &command } @@ -281,7 +270,7 @@ func startWebhookServer(webhookHandler *webhook.WebhookHandler, webhookAddr stri mux := http.NewServeMux() mux.HandleFunc("/api/webhook", webhookHandler.Handler) go func() { - log.Info("Starting webhook server") + log.Infof("Starting webhook server %s", webhookAddr) err := http.ListenAndServe(webhookAddr, mux) if err != nil { log.Error(err, "failed to start webhook server") diff --git a/cmd/argocd-dex/commands/argocd_dex.go b/cmd/argocd-dex/commands/argocd_dex.go index 55b628ba96dc1..43efbbb050dd5 100644 --- a/cmd/argocd-dex/commands/argocd_dex.go +++ b/cmd/argocd-dex/commands/argocd_dex.go @@ -136,8 +136,8 @@ func NewRunDexCommand() *cobra.Command { } clientConfig = cli.AddKubectlFlagsToCmd(&command) - command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json") - command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") + command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_DEX_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") + command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_DEX_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") command.Flags().BoolVar(&disableTLS, "disable-tls", env.ParseBoolFromEnv("ARGOCD_DEX_SERVER_DISABLE_TLS", false), "Disable TLS on the HTTP endpoint") return &command } @@ -204,8 +204,8 @@ func NewGenDexConfigCommand() *cobra.Command { } clientConfig = cli.AddKubectlFlagsToCmd(&command) - command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json") - command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") + command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_DEX_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") + command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_DEX_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") command.Flags().StringVarP(&out, "out", "o", "", "Output to the specified file instead of stdout") command.Flags().BoolVar(&disableTLS, "disable-tls", env.ParseBoolFromEnv("ARGOCD_DEX_SERVER_DISABLE_TLS", false), "Disable TLS on the HTTP endpoint") return &command diff --git a/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go b/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go index a5b925ca925b8..0b9d05787a6e1 100644 --- a/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go +++ b/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go @@ -5,8 +5,6 @@ import ( "os" "strings" - "github.com/argoproj/argo-cd/v2/util/git" - "github.com/spf13/cobra" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" @@ -33,9 +31,9 @@ func NewCommand() *cobra.Command { if len(os.Args) != 2 { errors.CheckError(fmt.Errorf("expected 1 argument, got %d", len(os.Args)-1)) } - nonce := os.Getenv(git.ASKPASS_NONCE_ENV) + nonce := os.Getenv(askpass.ASKPASS_NONCE_ENV) if nonce == "" { - errors.CheckError(fmt.Errorf("%s is not set", git.ASKPASS_NONCE_ENV)) + errors.CheckError(fmt.Errorf("%s is not set", askpass.ASKPASS_NONCE_ENV)) } conn, err := grpc_util.BlockingDial(ctx, "unix", askpass.SocketPath, nil, grpc.WithTransportCredentials(insecure.NewCredentials())) errors.CheckError(err) diff --git a/cmd/argocd-notification/commands/controller.go b/cmd/argocd-notification/commands/controller.go index a2ae2cb7e4c51..7245a0b75a667 100644 --- a/cmd/argocd-notification/commands/controller.go +++ b/cmd/argocd-notification/commands/controller.go @@ -1,10 +1,14 @@ package commands import ( + "context" "fmt" "net/http" "os" + "os/signal" "strings" + "sync" + "syscall" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" @@ -62,7 +66,8 @@ func NewCommand() *cobra.Command { Use: "controller", Short: "Starts Argo CD Notifications controller", RunE: func(c *cobra.Command, args []string) error { - ctx := c.Context() + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() vers := common.GetVersion() namespace, _, err := clientConfig.Namespace() @@ -146,6 +151,17 @@ func NewCommand() *cobra.Command { return fmt.Errorf("failed to initialize controller: %w", err) } + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM) + wg := sync.WaitGroup{} + wg.Add(1) + go func() { + defer wg.Done() + s := <-sigCh + log.Printf("got signal %v, attempting graceful shutdown", s) + cancel() + }() + go ctrl.Run(ctx, processorsCount) <-ctx.Done() return nil @@ -159,7 +175,7 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&logFormat, "logformat", env.StringFromEnv("ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().IntVar(&metricsPort, "metrics-port", defaultMetricsPort, "Metrics port") command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", common.DefaultRepoServerAddr, "Argo CD repo server address") - command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server") + command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Use a plaintext client (non-TLS) to connect to repository server") command.Flags().BoolVar(&argocdRepoServerStrictTLS, "argocd-repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server") command.Flags().StringVar(&configMapName, "config-map-name", "argocd-notifications-cm", "Set notifications ConfigMap name") command.Flags().StringVar(&secretName, "secret-name", "argocd-notifications-secret", "Set notifications Secret name") diff --git a/cmd/argocd-repo-server/commands/argocd_repo_server.go b/cmd/argocd-repo-server/commands/argocd_repo_server.go index 6ed72d7c66db7..36013a7057f97 100644 --- a/cmd/argocd-repo-server/commands/argocd_repo_server.go +++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go @@ -5,6 +5,10 @@ import ( "math" "net" "net/http" + "os" + "os/signal" + "sync" + "syscall" "time" "github.com/argoproj/pkg/stats" @@ -120,7 +124,7 @@ func NewCommand() *cobra.Command { helmRegistryMaxIndexSizeQuantity, err := resource.ParseQuantity(helmRegistryMaxIndexSize) errors.CheckError(err) - askPassServer := askpass.NewServer() + askPassServer := askpass.NewServer(askpass.SocketPath) metricsServer := metrics.NewMetricsServer() cacheutil.CollectMetrics(redisClient, metricsServer) server, err := reposerver.NewServer(metricsServer, cache, tlsConfigCustomizer, repository.RepoServerInitConstants{ @@ -184,7 +188,7 @@ func NewCommand() *cobra.Command { }) http.Handle("/metrics", metricsServer.GetHandler()) go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf("%s:%d", metricsHost, metricsPort), nil)) }() - go func() { errors.CheckError(askPassServer.Run(askpass.SocketPath)) }() + go func() { errors.CheckError(askPassServer.Run()) }() if gpg.IsGPGEnabled() { log.Infof("Initializing GnuPG keyring at %s", common.GetGnuPGHomePath()) @@ -203,8 +207,27 @@ func NewCommand() *cobra.Command { stats.RegisterStackDumper() stats.StartStatsTicker(10 * time.Minute) stats.RegisterHeapDumper("memprofile") + + // Graceful shutdown code adapted from https://gist.github.com/embano1/e0bf49d24f1cdd07cffad93097c04f0a + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM) + wg := sync.WaitGroup{} + wg.Add(1) + go func() { + s := <-sigCh + log.Printf("got signal %v, attempting graceful shutdown", s) + grpc.GracefulStop() + wg.Done() + }() + + log.Println("starting grpc server") err = grpc.Serve(listener) - errors.CheckError(err) + if err != nil { + log.Fatalf("could not serve: %v", err) + } + wg.Wait() + log.Println("clean shutdown") + return nil }, } diff --git a/cmd/argocd-server/commands/argocd_server.go b/cmd/argocd-server/commands/argocd_server.go index 707cc2d80eaf5..e94601303a071 100644 --- a/cmd/argocd-server/commands/argocd_server.go +++ b/cmd/argocd-server/commands/argocd_server.go @@ -8,12 +8,16 @@ import ( "time" "github.com/redis/go-redis/v9" + "k8s.io/apimachinery/pkg/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" "github.com/argoproj/pkg/stats" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" + "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" + "sigs.k8s.io/controller-runtime/pkg/client" cmdutil "github.com/argoproj/argo-cd/v2/cmd/util" "github.com/argoproj/argo-cd/v2/common" @@ -23,6 +27,7 @@ import ( reposervercache "github.com/argoproj/argo-cd/v2/reposerver/cache" "github.com/argoproj/argo-cd/v2/server" servercache "github.com/argoproj/argo-cd/v2/server/cache" + "github.com/argoproj/argo-cd/v2/util/argo" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" "github.com/argoproj/argo-cd/v2/util/cli" "github.com/argoproj/argo-cd/v2/util/dex" @@ -42,6 +47,7 @@ const ( var ( failureRetryCount = env.ParseNumFromEnv(failureRetryCountEnv, 0, 0, 10) failureRetryPeriodMilliSeconds = env.ParseNumFromEnv(failureRetryPeriodMilliSecondsEnv, 100, 0, 1000) + gitSubmoduleEnabled = env.ParseBoolFromEnv(common.EnvGitSubmoduleEnabled, true) ) // NewCommand returns a new instance of an argocd command @@ -79,6 +85,16 @@ func NewCommand() *cobra.Command { staticAssetsDir string applicationNamespaces []string enableProxyExtension bool + webhookParallelism int + + // ApplicationSet + enableNewGitFileGlobbing bool + scmRootCAPath string + allowedScmProviders []string + enableScmProviders bool + + // argocd k8s event logging flag + enableK8sEvent []string ) command := &cobra.Command{ Use: cliName, @@ -130,6 +146,17 @@ func NewCommand() *cobra.Command { StrictValidation: repoServerStrictTLS, } + dynamicClient := dynamic.NewForConfigOrDie(config) + + scheme := runtime.NewScheme() + _ = clientgoscheme.AddToScheme(scheme) + _ = v1alpha1.AddToScheme(scheme) + + controllerClient, err := client.New(config, client.Options{Scheme: scheme}) + errors.CheckError(err) + controllerClient = client.NewDryRunClient(controllerClient) + controllerClient = client.NewNamespacedClient(controllerClient, namespace) + // Load CA information to use for validating connections to the // repository server, if strict TLS validation was requested. if !repoServerPlaintext && repoServerStrictTLS { @@ -179,37 +206,49 @@ func NewCommand() *cobra.Command { } argoCDOpts := server.ArgoCDServerOpts{ - Insecure: insecure, - ListenPort: listenPort, - ListenHost: listenHost, - MetricsPort: metricsPort, - MetricsHost: metricsHost, - Namespace: namespace, - BaseHRef: baseHRef, - RootPath: rootPath, - KubeClientset: kubeclientset, - AppClientset: appClientSet, - RepoClientset: repoclientset, - DexServerAddr: dexServerAddress, - DexTLSConfig: dexTlsConfig, - DisableAuth: disableAuth, - ContentTypes: contentTypesList, - EnableGZip: enableGZip, - TLSConfigCustomizer: tlsConfigCustomizer, - Cache: cache, - RepoServerCache: repoServerCache, - XFrameOptions: frameOptions, - ContentSecurityPolicy: contentSecurityPolicy, - RedisClient: redisClient, - StaticAssetsDir: staticAssetsDir, - ApplicationNamespaces: applicationNamespaces, - EnableProxyExtension: enableProxyExtension, + Insecure: insecure, + ListenPort: listenPort, + ListenHost: listenHost, + MetricsPort: metricsPort, + MetricsHost: metricsHost, + Namespace: namespace, + BaseHRef: baseHRef, + RootPath: rootPath, + DynamicClientset: dynamicClient, + KubeControllerClientset: controllerClient, + KubeClientset: kubeclientset, + AppClientset: appClientSet, + RepoClientset: repoclientset, + DexServerAddr: dexServerAddress, + DexTLSConfig: dexTlsConfig, + DisableAuth: disableAuth, + ContentTypes: contentTypesList, + EnableGZip: enableGZip, + TLSConfigCustomizer: tlsConfigCustomizer, + Cache: cache, + RepoServerCache: repoServerCache, + XFrameOptions: frameOptions, + ContentSecurityPolicy: contentSecurityPolicy, + RedisClient: redisClient, + StaticAssetsDir: staticAssetsDir, + ApplicationNamespaces: applicationNamespaces, + EnableProxyExtension: enableProxyExtension, + WebhookParallelism: webhookParallelism, + EnableK8sEvent: enableK8sEvent, + } + + appsetOpts := server.ApplicationSetOpts{ + GitSubmoduleEnabled: gitSubmoduleEnabled, + EnableNewGitFileGlobbing: enableNewGitFileGlobbing, + ScmRootCAPath: scmRootCAPath, + AllowedScmProviders: allowedScmProviders, + EnableScmProviders: enableScmProviders, } stats.RegisterStackDumper() stats.StartStatsTicker(10 * time.Minute) stats.RegisterHeapDumper("memprofile") - argocd := server.NewServer(ctx, argoCDOpts) + argocd := server.NewServer(ctx, argoCDOpts, appsetOpts) argocd.Init(ctx) lns, err := argocd.Listen() errors.CheckError(err) @@ -232,7 +271,7 @@ func NewCommand() *cobra.Command { Example: templates.Examples(` # Start the Argo CD API server with default settings $ argocd-server - + # Start the Argo CD API server on a custom port and enable tracing $ argocd-server --port 8888 --otlp-address localhost:4317 `), @@ -269,6 +308,15 @@ func NewCommand() *cobra.Command { command.Flags().BoolVar(&dexServerStrictTLS, "dex-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_SERVER_DEX_SERVER_STRICT_TLS", false), "Perform strict validation of TLS certificates when connecting to dex server") command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces where application resources can be managed in") command.Flags().BoolVar(&enableProxyExtension, "enable-proxy-extension", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_PROXY_EXTENSION", false), "Enable Proxy Extension feature") + command.Flags().IntVar(&webhookParallelism, "webhook-parallelism-limit", env.ParseNumFromEnv("ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT", 50, 1, 1000), "Number of webhook requests processed concurrently") + command.Flags().StringSliceVar(&enableK8sEvent, "enable-k8s-event", env.StringsFromEnv("ARGOCD_ENABLE_K8S_EVENT", argo.DefaultEnableEventList(), ","), "Enable ArgoCD to use k8s event. For disabling all events, set the value as `none`. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated)") + + // Flags related to the applicationSet component. + command.Flags().StringVar(&scmRootCAPath, "appset-scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates") + command.Flags().BoolVar(&enableScmProviders, "appset-enable-scm-providers", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS", true), "Enable retrieving information from SCM providers, used by the SCM and PR generators (Default: true)") + command.Flags().StringSliceVar(&allowedScmProviders, "appset-allowed-scm-providers", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS", []string{}, ","), "The list of allowed custom SCM provider API URLs. This restriction does not apply to SCM or PR generators which do not accept a custom API URL. (Default: Empty = all)") + command.Flags().BoolVar(&enableNewGitFileGlobbing, "appset-enable-new-git-file-globbing", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING", false), "Enable new globbing in Git files generator.") + tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(command) cacheSrc = servercache.AddCacheFlagsToCmd(command, cacheutil.Options{ OnClientCreated: func(client *redis.Client) { diff --git a/cmd/argocd/commands/admin/admin.go b/cmd/argocd/commands/admin/admin.go index e5465d9209507..6c120bd425cdb 100644 --- a/cmd/argocd/commands/admin/admin.go +++ b/cmd/argocd/commands/admin/admin.go @@ -1,10 +1,13 @@ package admin import ( + "context" "reflect" + "strings" "github.com/spf13/cobra" apiv1 "k8s.io/api/core/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" @@ -83,11 +86,12 @@ func newArgoCDClientsets(config *rest.Config, namespace string) *argoCDClientset dynamicIf, err := dynamic.NewForConfig(config) errors.CheckError(err) return &argoCDClientsets{ - configMaps: dynamicIf.Resource(configMapResource).Namespace(namespace), - secrets: dynamicIf.Resource(secretResource).Namespace(namespace), - applications: dynamicIf.Resource(applicationsResource).Namespace(namespace), + configMaps: dynamicIf.Resource(configMapResource).Namespace(namespace), + secrets: dynamicIf.Resource(secretResource).Namespace(namespace), + // To support applications and applicationsets in any namespace we will watch all namespaces and filter them afterwards + applications: dynamicIf.Resource(applicationsResource), projects: dynamicIf.Resource(appprojectsResource).Namespace(namespace), - applicationSets: dynamicIf.Resource(appplicationSetResource).Namespace(namespace), + applicationSets: dynamicIf.Resource(appplicationSetResource), } } @@ -186,7 +190,11 @@ func isArgoCDConfigMap(name string) bool { // specsEqual returns if the spec, data, labels, annotations, and finalizers of the two // supplied objects are equal, indicating that no update is necessary during importing func specsEqual(left, right unstructured.Unstructured) bool { - if !reflect.DeepEqual(left.GetAnnotations(), right.GetAnnotations()) { + leftAnnotation := left.GetAnnotations() + rightAnnotation := right.GetAnnotations() + delete(leftAnnotation, apiv1.LastAppliedConfigAnnotation) + delete(rightAnnotation, apiv1.LastAppliedConfigAnnotation) + if !reflect.DeepEqual(leftAnnotation, rightAnnotation) { return false } if !reflect.DeepEqual(left.GetLabels(), right.GetLabels()) { @@ -219,34 +227,51 @@ func specsEqual(left, right unstructured.Unstructured) bool { return false } -func iterateStringFields(obj interface{}, callback func(name string, val string) string) { - if mapField, ok := obj.(map[string]interface{}); ok { - for field, val := range mapField { - if strVal, ok := val.(string); ok { - mapField[field] = callback(field, strVal) - } else { - iterateStringFields(val, callback) - } - } - } else if arrayField, ok := obj.([]interface{}); ok { - for i := range arrayField { - iterateStringFields(arrayField[i], callback) - } - } +type argocdAdditonalNamespaces struct { + applicationNamespaces []string + applicationsetNamespaces []string } -func redactor(dirtyString string) string { - config := make(map[string]interface{}) - err := yaml.Unmarshal([]byte(dirtyString), &config) +const ( + applicationsetNamespacesCmdParamsKey = "applicationsetcontroller.namespaces" + applicationNamespacesCmdParamsKey = "application.namespaces" +) + +// Get additional namespaces from argocd-cmd-params +func getAdditionalNamespaces(ctx context.Context, argocdClientsets *argoCDClientsets) *argocdAdditonalNamespaces { + applicationNamespaces := make([]string, 0) + applicationsetNamespaces := make([]string, 0) + + un, err := argocdClientsets.configMaps.Get(ctx, common.ArgoCDCmdParamsConfigMapName, v1.GetOptions{}) errors.CheckError(err) - iterateStringFields(config, func(name string, val string) string { - if name == "clientSecret" || name == "secret" || name == "bindPW" { - return "********" - } else { - return val - } - }) - data, err := yaml.Marshal(config) + var cm apiv1.ConfigMap + err = runtime.DefaultUnstructuredConverter.FromUnstructured(un.Object, &cm) errors.CheckError(err) - return string(data) + + namespacesListFromString := func(namespaces string) []string { + listOfNamespaces := []string{} + + ss := strings.Split(namespaces, ",") + + for _, namespace := range ss { + if namespace != "" { + listOfNamespaces = append(listOfNamespaces, strings.TrimSpace(namespace)) + } + } + + return listOfNamespaces + } + + if strNamespaces, ok := cm.Data[applicationNamespacesCmdParamsKey]; ok { + applicationNamespaces = namespacesListFromString(strNamespaces) + } + + if strNamespaces, ok := cm.Data[applicationsetNamespacesCmdParamsKey]; ok { + applicationsetNamespaces = namespacesListFromString(strNamespaces) + } + + return &argocdAdditonalNamespaces{ + applicationNamespaces: applicationNamespaces, + applicationsetNamespaces: applicationsetNamespaces, + } } diff --git a/cmd/argocd/commands/admin/admin_test.go b/cmd/argocd/commands/admin/admin_test.go new file mode 100644 index 0000000000000..85f59b5dee699 --- /dev/null +++ b/cmd/argocd/commands/admin/admin_test.go @@ -0,0 +1,75 @@ +package admin + +import ( + "context" + "testing" + + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + dynfake "k8s.io/client-go/dynamic/fake" +) + +func TestGetAdditionalNamespaces(t *testing.T) { + createArgoCDCmdCMWithKeys := func(data map[string]interface{}) *unstructured.Unstructured { + return &unstructured.Unstructured{ + Object: map[string]interface{}{ + "apiVersion": "v1", + "kind": "ConfigMap", + "metadata": map[string]interface{}{ + "name": "argocd-cmd-params-cm", + "namespace": "argocd", + }, + "data": data, + }, + } + } + + testCases := []struct { + CmdParamsKeys map[string]interface{} + expected argocdAdditonalNamespaces + description string + }{ + { + description: "empty configmap should return no additional namespaces", + CmdParamsKeys: map[string]interface{}{}, + expected: argocdAdditonalNamespaces{applicationNamespaces: []string{}, applicationsetNamespaces: []string{}}, + }, + { + description: "empty strings in respective keys in cm shoud return empty namespace list", + CmdParamsKeys: map[string]interface{}{applicationsetNamespacesCmdParamsKey: "", applicationNamespacesCmdParamsKey: ""}, + expected: argocdAdditonalNamespaces{applicationNamespaces: []string{}, applicationsetNamespaces: []string{}}, + }, + { + description: "when only one of the keys in the cm is set only correct respective list of namespaces should be returned", + CmdParamsKeys: map[string]interface{}{applicationNamespacesCmdParamsKey: "foo, bar*"}, + expected: argocdAdditonalNamespaces{applicationsetNamespaces: []string{}, applicationNamespaces: []string{"foo", "bar*"}}, + }, + { + description: "when only one of the keys in the cm is set only correct respective list of namespaces should be returned", + CmdParamsKeys: map[string]interface{}{applicationsetNamespacesCmdParamsKey: "foo, bar*"}, + expected: argocdAdditonalNamespaces{applicationNamespaces: []string{}, applicationsetNamespaces: []string{"foo", "bar*"}}, + }, + { + description: "whitespaces are removed for both multiple and single namespace", + CmdParamsKeys: map[string]interface{}{applicationNamespacesCmdParamsKey: " bar ", applicationsetNamespacesCmdParamsKey: " foo , bar* "}, + expected: argocdAdditonalNamespaces{applicationNamespaces: []string{"bar"}, applicationsetNamespaces: []string{"foo", "bar*"}}, + }, + } + + for _, c := range testCases { + fakeDynClient := dynfake.NewSimpleDynamicClient(runtime.NewScheme(), createArgoCDCmdCMWithKeys(c.CmdParamsKeys)) + + argoCDClientsets := &argoCDClientsets{ + configMaps: fakeDynClient.Resource(configMapResource).Namespace("argocd"), + applications: fakeDynClient.Resource(schema.GroupVersionResource{}), + applicationSets: fakeDynClient.Resource(schema.GroupVersionResource{}), + secrets: fakeDynClient.Resource(schema.GroupVersionResource{}), + projects: fakeDynClient.Resource(schema.GroupVersionResource{}), + } + + result := getAdditionalNamespaces(context.TODO(), argoCDClientsets) + assert.Equal(t, c.expected, *result) + } +} diff --git a/cmd/argocd/commands/admin/app.go b/cmd/argocd/commands/admin/app.go index 284b4fa9f20bf..e8869493d05fc 100644 --- a/cmd/argocd/commands/admin/app.go +++ b/cmd/argocd/commands/admin/app.go @@ -78,6 +78,7 @@ func NewGenAppSpecCommand() *cobra.Command { outputFormat string annotations []string inline bool + setFinalizer bool ) command := &cobra.Command{ Use: "generate-spec APPNAME", @@ -112,7 +113,9 @@ func NewGenAppSpecCommand() *cobra.Command { c.HelpFunc()(c, args) os.Exit(1) } - + if setFinalizer { + app.Finalizers = append(app.Finalizers, "resources-finalizer.argocd.argoproj.io") + } out, closer, err := getOutWriter(inline, fileURL) errors.CheckError(err) defer io.Close(closer) @@ -126,6 +129,7 @@ func NewGenAppSpecCommand() *cobra.Command { command.Flags().StringArrayVarP(&annotations, "annotations", "", []string{}, "Set metadata annotations (e.g. example=value)") command.Flags().StringVarP(&outputFormat, "output", "o", "yaml", "Output format. One of: json|yaml") command.Flags().BoolVarP(&inline, "inline", "i", false, "If set then generated resource is written back to the file specified in --file flag") + command.Flags().BoolVar(&setFinalizer, "set-finalizer", false, "Sets deletion finalizer on the application, application resources will be cascaded on deletion") // Only complete files with appropriate extension. err := command.Flags().SetAnnotation("file", cobra.BashCompFilenameExt, []string{"json", "yaml", "yml"}) @@ -383,7 +387,7 @@ func reconcileApplications( return true }, func(r *http.Request) error { return nil - }, []string{}) + }, []string{}, []string{}) if err != nil { return nil, err } diff --git a/cmd/argocd/commands/admin/backup.go b/cmd/argocd/commands/admin/backup.go index fb54c5c7c7951..918bbc234b9a2 100644 --- a/cmd/argocd/commands/admin/backup.go +++ b/cmd/argocd/commands/admin/backup.go @@ -20,13 +20,16 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application" "github.com/argoproj/argo-cd/v2/util/cli" "github.com/argoproj/argo-cd/v2/util/errors" + secutil "github.com/argoproj/argo-cd/v2/util/security" ) // NewExportCommand defines a new command for exporting Kubernetes and Argo CD resources. func NewExportCommand() *cobra.Command { var ( - clientConfig clientcmd.ClientConfig - out string + clientConfig clientcmd.ClientConfig + out string + applicationNamespaces []string + applicationsetNamespaces []string ) command := cobra.Command{ Use: "export", @@ -58,34 +61,47 @@ func NewExportCommand() *cobra.Command { acdClients := newArgoCDClientsets(config, namespace) acdConfigMap, err := acdClients.configMaps.Get(ctx, common.ArgoCDConfigMapName, v1.GetOptions{}) errors.CheckError(err) - export(writer, *acdConfigMap) + export(writer, *acdConfigMap, namespace) acdRBACConfigMap, err := acdClients.configMaps.Get(ctx, common.ArgoCDRBACConfigMapName, v1.GetOptions{}) errors.CheckError(err) - export(writer, *acdRBACConfigMap) + export(writer, *acdRBACConfigMap, namespace) acdKnownHostsConfigMap, err := acdClients.configMaps.Get(ctx, common.ArgoCDKnownHostsConfigMapName, v1.GetOptions{}) errors.CheckError(err) - export(writer, *acdKnownHostsConfigMap) + export(writer, *acdKnownHostsConfigMap, namespace) acdTLSCertsConfigMap, err := acdClients.configMaps.Get(ctx, common.ArgoCDTLSCertsConfigMapName, v1.GetOptions{}) errors.CheckError(err) - export(writer, *acdTLSCertsConfigMap) + export(writer, *acdTLSCertsConfigMap, namespace) referencedSecrets := getReferencedSecrets(*acdConfigMap) secrets, err := acdClients.secrets.List(ctx, v1.ListOptions{}) errors.CheckError(err) for _, secret := range secrets.Items { if isArgoCDSecret(referencedSecrets, secret) { - export(writer, secret) + export(writer, secret, namespace) } } projects, err := acdClients.projects.List(ctx, v1.ListOptions{}) errors.CheckError(err) for _, proj := range projects.Items { - export(writer, proj) + export(writer, proj, namespace) } + + additionalNamespaces := getAdditionalNamespaces(ctx, acdClients) + + if len(applicationNamespaces) == 0 { + applicationNamespaces = additionalNamespaces.applicationNamespaces + } + if len(applicationsetNamespaces) == 0 { + applicationsetNamespaces = additionalNamespaces.applicationsetNamespaces + } + applications, err := acdClients.applications.List(ctx, v1.ListOptions{}) errors.CheckError(err) for _, app := range applications.Items { - export(writer, app) + // Export application only if it is in one of the enabled namespaces + if secutil.IsNamespaceEnabled(app.GetNamespace(), namespace, applicationNamespaces) { + export(writer, app, namespace) + } } applicationSets, err := acdClients.applicationSets.List(ctx, v1.ListOptions{}) if err != nil && !apierr.IsNotFound(err) { @@ -97,7 +113,9 @@ func NewExportCommand() *cobra.Command { } if applicationSets != nil { for _, appSet := range applicationSets.Items { - export(writer, appSet) + if secutil.IsNamespaceEnabled(appSet.GetNamespace(), namespace, applicationsetNamespaces) { + export(writer, appSet, namespace) + } } } }, @@ -105,18 +123,22 @@ func NewExportCommand() *cobra.Command { clientConfig = cli.AddKubectlFlagsToCmd(&command) command.Flags().StringVarP(&out, "out", "o", "-", "Output to the specified file instead of stdout") - + command.Flags().StringSliceVarP(&applicationNamespaces, "application-namespaces", "", []string{}, fmt.Sprintf("Comma separated list of namespace globs to export applications from. If not provided value from '%s' in %s will be used,if it's not defined only applications from Argo CD namespace will be exported", applicationNamespacesCmdParamsKey, common.ArgoCDCmdParamsConfigMapName)) + command.Flags().StringSliceVarP(&applicationsetNamespaces, "applicationset-namespaces", "", []string{}, fmt.Sprintf("Comma separated list of namespace globs to export applicationsets from. If not provided value from '%s' in %s will be used,if it's not defined only applicationsets from Argo CD namespace will be exported", applicationsetNamespacesCmdParamsKey, common.ArgoCDCmdParamsConfigMapName)) return &command } // NewImportCommand defines a new command for exporting Kubernetes and Argo CD resources. func NewImportCommand() *cobra.Command { var ( - clientConfig clientcmd.ClientConfig - prune bool - dryRun bool - verbose bool - stopOperation bool + clientConfig clientcmd.ClientConfig + prune bool + dryRun bool + verbose bool + stopOperation bool + ignoreTracking bool + applicationNamespaces []string + applicationsetNamespaces []string ) command := cobra.Command{ Use: "import SOURCE", @@ -135,6 +157,8 @@ func NewImportCommand() *cobra.Command { namespace, _, err := clientConfig.Namespace() errors.CheckError(err) acdClients := newArgoCDClientsets(config, namespace) + client, err := dynamic.NewForConfig(config) + errors.CheckError(err) var input []byte if in := args[0]; in == "-" { @@ -148,6 +172,15 @@ func NewImportCommand() *cobra.Command { dryRunMsg = " (dry run)" } + additionalNamespaces := getAdditionalNamespaces(ctx, acdClients) + + if len(applicationNamespaces) == 0 { + applicationNamespaces = additionalNamespaces.applicationNamespaces + } + if len(applicationsetNamespaces) == 0 { + applicationsetNamespaces = additionalNamespaces.applicationsetNamespaces + } + // pruneObjects tracks live objects and it's current resource version. any remaining // items in this map indicates the resource should be pruned since it no longer appears // in the backup @@ -159,7 +192,7 @@ func NewImportCommand() *cobra.Command { var referencedSecrets map[string]bool for _, cm := range configMaps.Items { if isArgoCDConfigMap(cm.GetName()) { - pruneObjects[kube.ResourceKey{Group: "", Kind: "ConfigMap", Name: cm.GetName()}] = cm + pruneObjects[kube.ResourceKey{Group: "", Kind: "ConfigMap", Name: cm.GetName(), Namespace: cm.GetNamespace()}] = cm } if cm.GetName() == common.ArgoCDConfigMapName { referencedSecrets = getReferencedSecrets(cm) @@ -170,18 +203,20 @@ func NewImportCommand() *cobra.Command { errors.CheckError(err) for _, secret := range secrets.Items { if isArgoCDSecret(referencedSecrets, secret) { - pruneObjects[kube.ResourceKey{Group: "", Kind: "Secret", Name: secret.GetName()}] = secret + pruneObjects[kube.ResourceKey{Group: "", Kind: "Secret", Name: secret.GetName(), Namespace: secret.GetNamespace()}] = secret } } applications, err := acdClients.applications.List(ctx, v1.ListOptions{}) errors.CheckError(err) for _, app := range applications.Items { - pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.ApplicationKind, Name: app.GetName()}] = app + if secutil.IsNamespaceEnabled(app.GetNamespace(), namespace, applicationNamespaces) { + pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.ApplicationKind, Name: app.GetName(), Namespace: app.GetNamespace()}] = app + } } projects, err := acdClients.projects.List(ctx, v1.ListOptions{}) errors.CheckError(err) for _, proj := range projects.Items { - pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.AppProjectKind, Name: proj.GetName()}] = proj + pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.AppProjectKind, Name: proj.GetName(), Namespace: proj.GetNamespace()}] = proj } applicationSets, err := acdClients.applicationSets.List(ctx, v1.ListOptions{}) if apierr.IsForbidden(err) || apierr.IsNotFound(err) { @@ -191,7 +226,9 @@ func NewImportCommand() *cobra.Command { } if applicationSets != nil { for _, appSet := range applicationSets.Items { - pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.ApplicationSetKind, Name: appSet.GetName()}] = appSet + if secutil.IsNamespaceEnabled(appSet.GetNamespace(), namespace, applicationsetNamespaces) { + pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.ApplicationSetKind, Name: appSet.GetName(), Namespace: appSet.GetNamespace()}] = appSet + } } } @@ -200,22 +237,41 @@ func NewImportCommand() *cobra.Command { errors.CheckError(err) for _, bakObj := range backupObjects { gvk := bakObj.GroupVersionKind() - key := kube.ResourceKey{Group: gvk.Group, Kind: gvk.Kind, Name: bakObj.GetName()} + // For objects without namespace, assume they belong in ArgoCD namespace + if bakObj.GetNamespace() == "" { + bakObj.SetNamespace(namespace) + } + key := kube.ResourceKey{Group: gvk.Group, Kind: gvk.Kind, Name: bakObj.GetName(), Namespace: bakObj.GetNamespace()} liveObj, exists := pruneObjects[key] delete(pruneObjects, key) var dynClient dynamic.ResourceInterface switch bakObj.GetKind() { case "Secret": - dynClient = acdClients.secrets + dynClient = client.Resource(secretResource).Namespace(bakObj.GetNamespace()) case "ConfigMap": - dynClient = acdClients.configMaps + dynClient = client.Resource(configMapResource).Namespace(bakObj.GetNamespace()) case application.AppProjectKind: - dynClient = acdClients.projects + dynClient = client.Resource(appprojectsResource).Namespace(bakObj.GetNamespace()) case application.ApplicationKind: - dynClient = acdClients.applications + dynClient = client.Resource(applicationsResource).Namespace(bakObj.GetNamespace()) + // If application is not in one of the allowed namespaces do not import it + if !secutil.IsNamespaceEnabled(bakObj.GetNamespace(), namespace, applicationNamespaces) { + continue + } case application.ApplicationSetKind: - dynClient = acdClients.applicationSets + dynClient = client.Resource(appplicationSetResource).Namespace(bakObj.GetNamespace()) + // If applicationset is not in one of the allowed namespaces do not import it + if !secutil.IsNamespaceEnabled(bakObj.GetNamespace(), namespace, applicationsetNamespaces) { + continue + } + } + + // If there is a live object, remove the tracking annotations/label that might conflict + // when argo is managed with an application. + if ignoreTracking && exists { + updateTracking(bakObj, &liveObj) } + if !exists { isForbidden := false if !dryRun { @@ -228,7 +284,7 @@ func NewImportCommand() *cobra.Command { } } if !isForbidden { - fmt.Printf("%s/%s %s created%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg) + fmt.Printf("%s/%s %s in namespace %s created%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), bakObj.GetNamespace(), dryRunMsg) } } else if specsEqual(*bakObj, liveObj) && checkAppHasNoNeedToStopOperation(liveObj, stopOperation) { if verbose { @@ -247,7 +303,7 @@ func NewImportCommand() *cobra.Command { } } if !isForbidden { - fmt.Printf("%s/%s %s updated%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg) + fmt.Printf("%s/%s %s in namespace %s updated%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), bakObj.GetNamespace(), dryRunMsg) } } } @@ -258,11 +314,11 @@ func NewImportCommand() *cobra.Command { var dynClient dynamic.ResourceInterface switch key.Kind { case "Secret": - dynClient = acdClients.secrets + dynClient = client.Resource(secretResource).Namespace(liveObj.GetNamespace()) case application.AppProjectKind: - dynClient = acdClients.projects + dynClient = client.Resource(appprojectsResource).Namespace(liveObj.GetNamespace()) case application.ApplicationKind: - dynClient = acdClients.applications + dynClient = client.Resource(applicationsResource).Namespace(liveObj.GetNamespace()) if !dryRun { if finalizers := liveObj.GetFinalizers(); len(finalizers) > 0 { newLive := liveObj.DeepCopy() @@ -274,7 +330,7 @@ func NewImportCommand() *cobra.Command { } } case application.ApplicationSetKind: - dynClient = acdClients.applicationSets + dynClient = client.Resource(appplicationSetResource).Namespace(liveObj.GetNamespace()) default: log.Fatalf("Unexpected kind '%s' in prune list", key.Kind) } @@ -301,8 +357,11 @@ func NewImportCommand() *cobra.Command { clientConfig = cli.AddKubectlFlagsToCmd(&command) command.Flags().BoolVar(&dryRun, "dry-run", false, "Print what will be performed") command.Flags().BoolVar(&prune, "prune", false, "Prune secrets, applications and projects which do not appear in the backup") + command.Flags().BoolVar(&ignoreTracking, "ignore-tracking", false, "Do not update the tracking annotation if the resource is already tracked") command.Flags().BoolVar(&verbose, "verbose", false, "Verbose output (versus only changed output)") command.Flags().BoolVar(&stopOperation, "stop-operation", false, "Stop any existing operations") + command.Flags().StringSliceVarP(&applicationNamespaces, "application-namespaces", "", []string{}, fmt.Sprintf("Comma separated list of namespace globs to which import of applications is allowed. If not provided value from '%s' in %s will be used,if it's not defined only applications without an explicit namespace will be imported to the Argo CD namespace", applicationNamespacesCmdParamsKey, common.ArgoCDCmdParamsConfigMapName)) + command.Flags().StringSliceVarP(&applicationsetNamespaces, "applicationset-namespaces", "", []string{}, fmt.Sprintf("Comma separated list of namespace globs which import of applicationsets is allowed. If not provided value from '%s' in %s will be used,if it's not defined only applicationsets without an explicit namespace will be imported to the Argo CD namespace", applicationsetNamespacesCmdParamsKey, common.ArgoCDCmdParamsConfigMapName)) return &command } @@ -320,13 +379,14 @@ func checkAppHasNoNeedToStopOperation(liveObj unstructured.Unstructured, stopOpe } // export writes the unstructured object and removes extraneous cruft from output before writing -func export(w io.Writer, un unstructured.Unstructured) { +func export(w io.Writer, un unstructured.Unstructured, argocdNamespace string) { name := un.GetName() finalizers := un.GetFinalizers() apiVersion := un.GetAPIVersion() kind := un.GetKind() labels := un.GetLabels() annotations := un.GetAnnotations() + namespace := un.GetNamespace() unstructured.RemoveNestedField(un.Object, "metadata") un.SetName(name) un.SetFinalizers(finalizers) @@ -334,6 +394,9 @@ func export(w io.Writer, un unstructured.Unstructured) { un.SetKind(kind) un.SetLabels(labels) un.SetAnnotations(annotations) + if namespace != argocdNamespace { + un.SetNamespace(namespace) + } data, err := yaml.Marshal(un.Object) errors.CheckError(err) _, err = w.Write(data) @@ -368,3 +431,32 @@ func updateLive(bak, live *unstructured.Unstructured, stopOperation bool) *unstr } return newLive } + +// updateTracking will update the tracking label and annotation in the bak resources to the +// value of the live resource. +func updateTracking(bak, live *unstructured.Unstructured) { + // update the common annotation + bakAnnotations := bak.GetAnnotations() + liveAnnotations := live.GetAnnotations() + if liveAnnotations != nil && bakAnnotations != nil { + if v, ok := liveAnnotations[common.AnnotationKeyAppInstance]; ok { + if _, ok := bakAnnotations[common.AnnotationKeyAppInstance]; ok { + bakAnnotations[common.AnnotationKeyAppInstance] = v + bak.SetAnnotations(bakAnnotations) + } + } + } + + // update the common label + // A custom label can be set, but it is impossible to know which instance is managing the application + bakLabels := bak.GetLabels() + liveLabels := live.GetLabels() + if liveLabels != nil && bakLabels != nil { + if v, ok := liveLabels[common.LabelKeyAppInstance]; ok { + if _, ok := bakLabels[common.LabelKeyAppInstance]; ok { + bakLabels[common.LabelKeyAppInstance] = v + bak.SetLabels(bakLabels) + } + } + } +} diff --git a/cmd/argocd/commands/admin/backup_test.go b/cmd/argocd/commands/admin/backup_test.go new file mode 100644 index 0000000000000..b4fd07ad04c1a --- /dev/null +++ b/cmd/argocd/commands/admin/backup_test.go @@ -0,0 +1,87 @@ +package admin + +import ( + "testing" + + "github.com/argoproj/gitops-engine/pkg/utils/kube" + "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + "github.com/argoproj/argo-cd/v2/common" +) + +func newBackupObject(trackingValue string, trackingLabel bool, trackingAnnotation bool) *unstructured.Unstructured { + cm := v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-configmap", + Namespace: "namespace", + }, + Data: map[string]string{ + "foo": "bar", + }, + } + if trackingLabel { + cm.SetLabels(map[string]string{ + common.LabelKeyAppInstance: trackingValue, + }) + } + if trackingAnnotation { + cm.SetAnnotations(map[string]string{ + common.AnnotationKeyAppInstance: trackingValue, + }) + } + return kube.MustToUnstructured(&cm) +} + +func Test_updateTracking(t *testing.T) { + type args struct { + bak *unstructured.Unstructured + live *unstructured.Unstructured + } + tests := []struct { + name string + args args + expected *unstructured.Unstructured + }{ + { + name: "update annotation when present in live", + args: args{ + bak: newBackupObject("bak", false, true), + live: newBackupObject("live", false, true), + }, + expected: newBackupObject("live", false, true), + }, + { + name: "update default label when present in live", + args: args{ + bak: newBackupObject("bak", true, true), + live: newBackupObject("live", true, true), + }, + expected: newBackupObject("live", true, true), + }, + { + name: "do not update if live object does not have tracking", + args: args{ + bak: newBackupObject("bak", true, true), + live: newBackupObject("live", false, false), + }, + expected: newBackupObject("bak", true, true), + }, + { + name: "do not update if bak object does not have tracking", + args: args{ + bak: newBackupObject("bak", false, false), + live: newBackupObject("live", true, true), + }, + expected: newBackupObject("bak", false, false), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + updateTracking(tt.args.bak, tt.args.live) + assert.Equal(t, tt.expected, tt.args.bak) + }) + } +} diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go index a04885b101522..48ee0254fd1b7 100644 --- a/cmd/argocd/commands/admin/cluster.go +++ b/cmd/argocd/commands/admin/cluster.go @@ -106,14 +106,9 @@ func loadClusters(ctx context.Context, kubeClient *kubernetes.Clientset, appClie } redisOptions := &redis.Options{Addr: fmt.Sprintf("localhost:%d", port)} - - secret, err := kubeClient.CoreV1().Secrets(namespace).Get(context.Background(), defaulRedisInitialPasswordSecretName, v1.GetOptions{}) - if err == nil { - if _, ok := secret.Data[defaultResisInitialPasswordKey]; ok { - redisOptions.Password = string(secret.Data[defaultResisInitialPasswordKey]) - } + if err = common.SetOptionalRedisPasswordFromKubeConfig(ctx, kubeClient, namespace, redisOptions); err != nil { + log.Warnf("Failed to fetch & set redis password for namespace %s: %v", namespace, err) } - client := redis.NewClient(redisOptions) compressionType, err := cacheutil.CompressionTypeFromString(redisCompressionStr) if err != nil { diff --git a/cmd/argocd/commands/admin/notifications.go b/cmd/argocd/commands/admin/notifications.go index 104a12a8596c2..32ae589270938 100644 --- a/cmd/argocd/commands/admin/notifications.go +++ b/cmd/argocd/commands/admin/notifications.go @@ -35,7 +35,8 @@ func NewNotificationsCommand() *cobra.Command { "notifications", "argocd admin notifications", applications, - settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm", false), func(clientConfig clientcmd.ClientConfig) { + settings.GetFactorySettingsForCLI(&argocdService, "argocd-notifications-secret", "argocd-notifications-cm", false), + func(clientConfig clientcmd.ClientConfig) { k8sCfg, err := clientConfig.ClientConfig() if err != nil { log.Fatalf("Failed to parse k8s config: %v", err) diff --git a/cmd/argocd/commands/admin/project_allowlist_test.go b/cmd/argocd/commands/admin/project_allowlist_test.go index eeec46b9be231..7c22fd1c0ee75 100644 --- a/cmd/argocd/commands/admin/project_allowlist_test.go +++ b/cmd/argocd/commands/admin/project_allowlist_test.go @@ -17,5 +17,5 @@ func TestProjectAllowListGen(t *testing.T) { globalProj, err := generateProjectAllowList(resourceList, "testdata/test_clusterrole.yaml", "testproj") require.NoError(t, err) - assert.Positive(t, len(globalProj.Spec.NamespaceResourceWhitelist)) + assert.NotEmpty(t, globalProj.Spec.NamespaceResourceWhitelist) } diff --git a/cmd/argocd/commands/admin/redis_initial_password.go b/cmd/argocd/commands/admin/redis_initial_password.go index eddd915373b15..3f89b54010659 100644 --- a/cmd/argocd/commands/admin/redis_initial_password.go +++ b/cmd/argocd/commands/admin/redis_initial_password.go @@ -6,25 +6,18 @@ import ( "fmt" "math/big" + "github.com/spf13/cobra" + corev1 "k8s.io/api/core/v1" apierr "k8s.io/apimachinery/pkg/api/errors" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/v2/util/cli" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" + "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/cli" "github.com/argoproj/argo-cd/v2/util/errors" - - "github.com/spf13/cobra" - corev1 "k8s.io/api/core/v1" -) - -const ( - defaulRedisInitialPasswordSecretName = "argocd-redis" - defaultResisInitialPasswordKey = "auth" ) func generateRandomPassword() (string, error) { @@ -52,8 +45,8 @@ func NewRedisInitialPasswordCommand() *cobra.Command { namespace, _, err := clientConfig.Namespace() errors.CheckError(err) - redisInitialPasswordSecretName := defaulRedisInitialPasswordSecretName - redisInitialPasswordKey := defaultResisInitialPasswordKey + redisInitialPasswordSecretName := common.DefaultRedisInitialPasswordSecretName + redisInitialPasswordKey := common.DefaultRedisInitialPasswordKey fmt.Printf("Checking for initial Redis password in secret %s/%s at key %s. \n", namespace, redisInitialPasswordSecretName, redisInitialPasswordKey) config, err := clientConfig.ClientConfig() diff --git a/cmd/argocd/commands/admin/secrets_redactor_test.go b/cmd/argocd/commands/admin/secrets_redactor_test.go deleted file mode 100644 index cb1b3e78dbfea..0000000000000 --- a/cmd/argocd/commands/admin/secrets_redactor_test.go +++ /dev/null @@ -1,94 +0,0 @@ -package admin - -import ( - "testing" - - "github.com/stretchr/testify/assert" -) - -var textToRedact = ` -connectors: -- config: - clientID: aabbccddeeff00112233 - clientSecret: | - theSecret - orgs: - - name: your-github-org - redirectURI: https://argocd.example.com/api/dex/callback - id: github - name: GitHub - type: github -- config: - bindDN: uid=serviceaccount,cn=users,dc=example,dc=com - bindPW: theSecret - host: ldap.example.com:636 - id: ldap - name: LDAP - type: ldap -grpc: - addr: 0.0.0.0:5557 -telemetry: - http: 0.0.0.0:5558 -issuer: https://argocd.example.com/api/dex -oauth2: - skipApprovalScreen: true -staticClients: -- id: argo-cd - name: Argo CD - redirectURIs: - - https://argocd.example.com/auth/callback - secret: Dis9M-GA11oTwZVQQWdDklPQw-sWXZkWJFyyEhMs -- id: argo-cd-cli - name: Argo CD CLI - public: true - redirectURIs: - - http://localhost -storage: - type: memory -web: - http: 0.0.0.0:5556` - -var expectedRedaction = `connectors: -- config: - clientID: aabbccddeeff00112233 - clientSecret: '********' - orgs: - - name: your-github-org - redirectURI: https://argocd.example.com/api/dex/callback - id: github - name: GitHub - type: github -- config: - bindDN: uid=serviceaccount,cn=users,dc=example,dc=com - bindPW: '********' - host: ldap.example.com:636 - id: ldap - name: LDAP - type: ldap -grpc: - addr: 0.0.0.0:5557 -issuer: https://argocd.example.com/api/dex -oauth2: - skipApprovalScreen: true -staticClients: -- id: argo-cd - name: Argo CD - redirectURIs: - - https://argocd.example.com/auth/callback - secret: '********' -- id: argo-cd-cli - name: Argo CD CLI - public: true - redirectURIs: - - http://localhost -storage: - type: memory -telemetry: - http: 0.0.0.0:5558 -web: - http: 0.0.0.0:5556 -` - -func TestSecretsRedactor(t *testing.T) { - assert.Equal(t, expectedRedaction, redactor(textToRedact)) -} diff --git a/cmd/argocd/commands/admin/settings.go b/cmd/argocd/commands/admin/settings.go index b9c68bbbd58f6..7cd49b0c94031 100644 --- a/cmd/argocd/commands/admin/settings.go +++ b/cmd/argocd/commands/admin/settings.go @@ -159,7 +159,7 @@ func NewSettingsCommand() *cobra.Command { command.AddCommand(NewValidateSettingsCommand(&opts)) command.AddCommand(NewResourceOverridesCommand(&opts)) - command.AddCommand(NewRBACCommand()) + command.AddCommand(NewRBACCommand(&opts)) opts.clientConfig = cli.AddKubectlFlagsToCmd(command) command.PersistentFlags().StringVar(&opts.argocdCMPath, "argocd-cm-path", "", "Path to local argocd-cm.yaml file") diff --git a/cmd/argocd/commands/admin/settings_rbac.go b/cmd/argocd/commands/admin/settings_rbac.go index de0a857397f62..dc8faf657b520 100644 --- a/cmd/argocd/commands/admin/settings_rbac.go +++ b/cmd/argocd/commands/admin/settings_rbac.go @@ -18,6 +18,7 @@ import ( "github.com/argoproj/argo-cd/v2/server/rbacpolicy" "github.com/argoproj/argo-cd/v2/util/assets" "github.com/argoproj/argo-cd/v2/util/cli" + "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/rbac" ) @@ -28,7 +29,7 @@ type rbacTrait struct { } // Provide a mapping of short-hand resource names to their RBAC counterparts -var resourceMap map[string]string = map[string]string{ +var resourceMap = map[string]string{ "account": rbacpolicy.ResourceAccounts, "app": rbacpolicy.ResourceApplications, "apps": rbacpolicy.ResourceApplications, @@ -52,8 +53,17 @@ var resourceMap map[string]string = map[string]string{ "repository": rbacpolicy.ResourceRepositories, } +var projectScoped = map[string]bool{ + rbacpolicy.ResourceApplications: true, + rbacpolicy.ResourceApplicationSets: true, + rbacpolicy.ResourceLogs: true, + rbacpolicy.ResourceExec: true, + rbacpolicy.ResourceClusters: true, + rbacpolicy.ResourceRepositories: true, +} + // List of allowed RBAC resources -var validRBACResourcesActions map[string]actionTraitMap = map[string]actionTraitMap{ +var validRBACResourcesActions = map[string]actionTraitMap{ rbacpolicy.ResourceAccounts: accountsActions, rbacpolicy.ResourceApplications: applicationsActions, rbacpolicy.ResourceApplicationSets: defaultCRUDActions, @@ -109,7 +119,7 @@ var extensionActions = actionTraitMap{ } // NewRBACCommand is the command for 'rbac' -func NewRBACCommand() *cobra.Command { +func NewRBACCommand(cmdCtx commandContext) *cobra.Command { command := &cobra.Command{ Use: "rbac", Short: "Validate and test RBAC configuration", @@ -117,13 +127,13 @@ func NewRBACCommand() *cobra.Command { c.HelpFunc()(c, args) }, } - command.AddCommand(NewRBACCanCommand()) + command.AddCommand(NewRBACCanCommand(cmdCtx)) command.AddCommand(NewRBACValidateCommand()) return command } -// NewRBACCanRoleCommand is the command for 'rbac can-role' -func NewRBACCanCommand() *cobra.Command { +// NewRBACCanCommand is the command for 'rbac can' +func NewRBACCanCommand(cmdCtx commandContext) *cobra.Command { var ( policyFile string defaultRole string @@ -175,11 +185,6 @@ argocd admin settings rbac can someuser create application 'default/app' --defau subResource = args[3] } - userPolicy := "" - builtinPolicy := "" - - var newDefaultRole string - namespace, nsOverride, err := clientConfig.Namespace() if err != nil { log.Fatalf("could not create k8s client: %v", err) @@ -203,6 +208,7 @@ argocd admin settings rbac can someuser create application 'default/app' --defau userPolicy, newDefaultRole, matchMode := getPolicy(ctx, policyFile, realClientset, namespace) // Use built-in policy as augmentation if requested + builtinPolicy := "" if useBuiltin { builtinPolicy = assets.BuiltinPolicyCSV } @@ -213,7 +219,30 @@ argocd admin settings rbac can someuser create application 'default/app' --defau defaultRole = newDefaultRole } - res := checkPolicy(subject, action, resource, subResource, builtinPolicy, userPolicy, defaultRole, matchMode, strict) + // Logs RBAC will be enforced only if an internal var serverRBACLogEnforceEnable + // (representing server.rbac.log.enforce.enable env var in argocd-cm) + // is defined and has a "true" value + // Otherwise, no RBAC enforcement for logs will take place (meaning, 'can' request on a logs resource will result in "yes", + // even if there is no explicit RBAC allow, or if there is an explicit RBAC deny) + var isLogRbacEnforced func() bool + if nsOverride && policyFile == "" { + if resolveRBACResourceName(resource) == rbacpolicy.ResourceLogs { + isLogRbacEnforced = func() bool { + if opts, ok := cmdCtx.(*settingsOpts); ok { + opts.loadClusterSettings = true + opts.clientConfig = clientConfig + settingsMgr, err := opts.createSettingsManager(ctx) + errors.CheckError(err) + logEnforceEnable, err := settingsMgr.GetServerRBACLogEnforceEnable() + errors.CheckError(err) + return logEnforceEnable + } + return false + } + } + } + res := checkPolicy(subject, action, resource, subResource, builtinPolicy, userPolicy, defaultRole, matchMode, strict, isLogRbacEnforced) + if res { if !quiet { fmt.Println("Yes") @@ -359,20 +388,16 @@ func getPolicyFromFile(policyFile string) (string, string, string, error) { // Retrieve policy information from a ConfigMap func getPolicyFromConfigMap(cm *corev1.ConfigMap) (string, string, string) { var ( - userPolicy string defaultRole string ok bool ) - userPolicy, ok = cm.Data[rbac.ConfigMapPolicyCSVKey] - if !ok { - userPolicy = "" - } + defaultRole, ok = cm.Data[rbac.ConfigMapPolicyDefaultKey] if !ok { defaultRole = "" } - return userPolicy, defaultRole, cm.Data[rbac.ConfigMapMatchModeKey] + return rbac.PolicyCSV(cm.Data), defaultRole, cm.Data[rbac.ConfigMapMatchModeKey] } // getPolicyConfigMap fetches the RBAC config map from K8s cluster @@ -386,7 +411,7 @@ func getPolicyConfigMap(ctx context.Context, client kubernetes.Interface, namesp // checkPolicy checks whether given subject is allowed to execute specified // action against specified resource -func checkPolicy(subject, action, resource, subResource, builtinPolicy, userPolicy, defaultRole, matchMode string, strict bool) bool { +func checkPolicy(subject, action, resource, subResource, builtinPolicy, userPolicy, defaultRole, matchMode string, strict bool, isLogRbacEnforced func() bool) bool { enf := rbac.NewEnforcer(nil, "argocd", "argocd-rbac-cm", nil) enf.SetDefaultRole(defaultRole) enf.SetMatchMode(matchMode) @@ -420,15 +445,19 @@ func checkPolicy(subject, action, resource, subResource, builtinPolicy, userPoli } } - // Application resources have a special notation - for simplicity's sake, + // Some project scoped resources have a special notation - for simplicity's sake, // if user gives no sub-resource (or specifies simple '*'), we construct // the required notation by setting subresource to '*/*'. - if realResource == rbacpolicy.ResourceApplications { + if projectScoped[realResource] { if subResource == "*" || subResource == "" { subResource = "*/*" } } - + if realResource == rbacpolicy.ResourceLogs { + if isLogRbacEnforced != nil && !isLogRbacEnforced() { + return true + } + } return enf.Enforce(subject, realResource, action, subResource) } diff --git a/cmd/argocd/commands/admin/settings_rbac_test.go b/cmd/argocd/commands/admin/settings_rbac_test.go index c2a5c6c2c3370..9fe9ab6953a68 100644 --- a/cmd/argocd/commands/admin/settings_rbac_test.go +++ b/cmd/argocd/commands/admin/settings_rbac_test.go @@ -130,6 +130,16 @@ func Test_PolicyFromYAML(t *testing.T) { require.NotEmpty(t, uPol) require.Equal(t, "role:unknown", dRole) require.Empty(t, matchMode) + require.True(t, checkPolicy("my-org:team-qa", "update", "project", "foo", + "", uPol, dRole, matchMode, true, nil)) +} + +func trueLogRbacEnforce() bool { + return true +} + +func falseLogRbacEnforce() bool { + return false } func Test_PolicyFromK8s(t *testing.T) { @@ -153,43 +163,105 @@ func Test_PolicyFromK8s(t *testing.T) { require.Equal(t, "", matchMode) t.Run("get applications", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "applications", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + ok := checkPolicy("role:user", "get", "applications", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) require.True(t, ok) }) t.Run("get clusters", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "clusters", "*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + ok := checkPolicy("role:user", "get", "clusters", "*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) require.True(t, ok) }) t.Run("get certificates", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "certificates", "*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + ok := checkPolicy("role:user", "get", "certificates", "*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) require.False(t, ok) }) t.Run("get certificates by default role", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "certificates", "*", assets.BuiltinPolicyCSV, uPol, "role:readonly", "glob", true) + ok := checkPolicy("role:user", "get", "certificates", "*", assets.BuiltinPolicyCSV, uPol, "role:readonly", "glob", true, nil) require.True(t, ok) }) t.Run("get certificates by default role without builtin policy", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "certificates", "*", "", uPol, "role:readonly", "glob", true) + ok := checkPolicy("role:user", "get", "certificates", "*", "", uPol, "role:readonly", "glob", true, nil) require.False(t, ok) }) t.Run("use regex match mode instead of glob", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "certificates", ".*", assets.BuiltinPolicyCSV, uPol, "role:readonly", "regex", true) + ok := checkPolicy("role:user", "get", "certificates", ".*", assets.BuiltinPolicyCSV, uPol, "role:readonly", "regex", true, nil) + require.False(t, ok) + }) + t.Run("get logs", func(t *testing.T) { + ok := checkPolicy("role:test", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) + require.True(t, ok) + }) + // no function is provided to check if logs rbac is enforced or not, so the policy permissions are queried to determine if no-such-user can get logs + t.Run("no-such-user get logs", func(t *testing.T) { + ok := checkPolicy("no-such-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) + require.False(t, ok) + }) + // logs rbac policy is enforced, and no-such-user is not granted logs permission in user policy, so the result should be false (cannot get logs) + t.Run("no-such-user get logs rbac enforced", func(t *testing.T) { + ok := checkPolicy("no-such-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, trueLogRbacEnforce) + require.False(t, ok) + }) + // no-such-user is not granted logs permission in user policy, but logs rbac policy is not enforced, so logs permission is open to all + t.Run("no-such-user get logs rbac not enforced", func(t *testing.T) { + ok := checkPolicy("no-such-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, falseLogRbacEnforce) + require.True(t, ok) + }) + // no function is provided to check if logs rbac is enforced or not, so the policy permissions are queried to determine if log-deny-user can get logs + t.Run("log-deny-user get logs", func(t *testing.T) { + ok := checkPolicy("log-deny-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) + require.False(t, ok) + }) + // logs rbac policy is enforced, and log-deny-user is denied logs permission in user policy, so the result should be false (cannot get logs) + t.Run("log-deny-user get logs rbac enforced", func(t *testing.T) { + ok := checkPolicy("log-deny-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, trueLogRbacEnforce) require.False(t, ok) }) + // log-deny-user is denied logs permission in user policy, but logs rbac policy is not enforced, so logs permission is open to all + t.Run("log-deny-user get logs rbac not enforced", func(t *testing.T) { + ok := checkPolicy("log-deny-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, falseLogRbacEnforce) + require.True(t, ok) + }) + // no function is provided to check if logs rbac is enforced or not, so the policy permissions are queried to determine if log-allow-user can get logs + t.Run("log-allow-user get logs", func(t *testing.T) { + ok := checkPolicy("log-allow-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) + require.True(t, ok) + }) + // logs rbac policy is enforced, and log-allow-user is granted logs permission in user policy, so the result should be true (can get logs) + t.Run("log-allow-user get logs rbac enforced", func(t *testing.T) { + ok := checkPolicy("log-allow-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, trueLogRbacEnforce) + require.True(t, ok) + }) + // log-allow-user is granted logs permission in user policy, and logs rbac policy is not enforced, so logs permission is open to all + t.Run("log-allow-user get logs rbac not enforced", func(t *testing.T) { + ok := checkPolicy("log-allow-user", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, falseLogRbacEnforce) + require.True(t, ok) + }) + t.Run("get logs", func(t *testing.T) { + ok := checkPolicy("role:test", "get", "logs", "*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) + require.True(t, ok) + }) t.Run("get logs", func(t *testing.T) { - ok := checkPolicy("role:test", "get", "logs", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + ok := checkPolicy("role:test", "get", "logs", "", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) require.True(t, ok) }) t.Run("create exec", func(t *testing.T) { - ok := checkPolicy("role:test", "create", "exec", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + ok := checkPolicy("role:test", "create", "exec", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) require.True(t, ok) }) t.Run("create applicationsets", func(t *testing.T) { - ok := checkPolicy("role:user", "create", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + ok := checkPolicy("role:user", "create", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) + require.True(t, ok) + }) + // trueLogRbacEnforce or falseLogRbacEnforce should not affect non-logs resources + t.Run("create applicationsets with trueLogRbacEnforce", func(t *testing.T) { + ok := checkPolicy("role:user", "create", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, trueLogRbacEnforce) + require.True(t, ok) + }) + t.Run("create applicationsets with falseLogRbacEnforce", func(t *testing.T) { + ok := checkPolicy("role:user", "create", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, trueLogRbacEnforce) require.True(t, ok) }) t.Run("delete applicationsets", func(t *testing.T) { - ok := checkPolicy("role:user", "delete", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true) + ok := checkPolicy("role:user", "delete", "applicationsets", "*/*", assets.BuiltinPolicyCSV, uPol, dRole, "", true, nil) require.True(t, ok) }) } @@ -229,49 +301,49 @@ p, role:readonly, certificates, get, .*, allow p, role:, certificates, get, .*, allow` t.Run("get applications", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "applications", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + ok := checkPolicy("role:user", "get", "applications", ".*/.*", builtInPolicy, uPol, dRole, "regex", true, nil) require.True(t, ok) }) t.Run("get clusters", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "clusters", ".*", builtInPolicy, uPol, dRole, "regex", true) + ok := checkPolicy("role:user", "get", "clusters", ".*", builtInPolicy, uPol, dRole, "regex", true, nil) require.True(t, ok) }) t.Run("get certificates", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "certificates", ".*", builtInPolicy, uPol, dRole, "regex", true) + ok := checkPolicy("role:user", "get", "certificates", ".*", builtInPolicy, uPol, dRole, "regex", true, nil) require.False(t, ok) }) t.Run("get certificates by default role", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "certificates", ".*", builtInPolicy, uPol, "role:readonly", "regex", true) + ok := checkPolicy("role:user", "get", "certificates", ".*", builtInPolicy, uPol, "role:readonly", "regex", true, nil) require.True(t, ok) }) t.Run("get certificates by default role without builtin policy", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "certificates", ".*", "", uPol, "role:readonly", "regex", true) + ok := checkPolicy("role:user", "get", "certificates", ".*", "", uPol, "role:readonly", "regex", true, nil) require.False(t, ok) }) t.Run("use glob match mode instead of regex", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "certificates", ".+", builtInPolicy, uPol, dRole, "glob", true) + ok := checkPolicy("role:user", "get", "certificates", ".+", builtInPolicy, uPol, dRole, "glob", true, nil) require.False(t, ok) }) t.Run("get logs via glob match mode", func(t *testing.T) { - ok := checkPolicy("role:user", "get", "logs", ".*/.*", builtInPolicy, uPol, dRole, "glob", true) + ok := checkPolicy("role:user", "get", "logs", ".*/.*", builtInPolicy, uPol, dRole, "glob", true, nil) require.True(t, ok) }) t.Run("create exec", func(t *testing.T) { - ok := checkPolicy("role:user", "create", "exec", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + ok := checkPolicy("role:user", "create", "exec", ".*/.*", builtInPolicy, uPol, dRole, "regex", true, nil) require.True(t, ok) }) t.Run("create applicationsets", func(t *testing.T) { - ok := checkPolicy("role:user", "create", "applicationsets", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + ok := checkPolicy("role:user", "create", "applicationsets", ".*/.*", builtInPolicy, uPol, dRole, "regex", true, nil) require.True(t, ok) }) t.Run("delete applicationsets", func(t *testing.T) { - ok := checkPolicy("role:user", "delete", "applicationsets", ".*/.*", builtInPolicy, uPol, dRole, "regex", true) + ok := checkPolicy("role:user", "delete", "applicationsets", ".*/.*", builtInPolicy, uPol, dRole, "regex", true, nil) require.True(t, ok) }) } func TestNewRBACCanCommand(t *testing.T) { - command := NewRBACCanCommand() + command := NewRBACCanCommand(&settingsOpts{}) require.NotNil(t, command) assert.Equal(t, "can", command.Name()) diff --git a/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml b/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml index bf947fb8b7110..ed98df6c94879 100644 --- a/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml +++ b/cmd/argocd/commands/admin/testdata/rbac/argocd-rbac-cm.yaml @@ -12,6 +12,10 @@ data: p, role:user, applicationsets, delete, */*, allow p, role:user, logs, get, */*, allow g, test, role:user + policy.overlay.csv: | + p, role:tester, applications, *, */*, allow + p, role:tester, projects, *, *, allow + g, my-org:team-qa, role:tester policy.default: role:unknown kind: ConfigMap metadata: diff --git a/cmd/argocd/commands/admin/testdata/rbac/policy.csv b/cmd/argocd/commands/admin/testdata/rbac/policy.csv index b18d0904f5f60..a9f830ae92d8c 100644 --- a/cmd/argocd/commands/admin/testdata/rbac/policy.csv +++ b/cmd/argocd/commands/admin/testdata/rbac/policy.csv @@ -10,4 +10,6 @@ p, role:user, applicationsets, delete, */*, allow p, role:test, certificates, get, *, allow p, role:test, logs, get, */*, allow p, role:test, exec, create, */*, allow +p, log-allow-user, logs, get, */*, allow +p, log-deny-user, logs, get, */*, deny g, test, role:user diff --git a/cmd/argocd/commands/app_resource_test.go b/cmd/argocd/commands/app_resource_test.go index 41e864276955c..08c73b34357b7 100644 --- a/cmd/argocd/commands/app_resource_test.go +++ b/cmd/argocd/commands/app_resource_test.go @@ -36,7 +36,7 @@ func TestPrintTreeViewAppResources(t *testing.T) { buf := &bytes.Buffer{} w := tabwriter.NewWriter(buf, 0, 0, 2, ' ', 0) - printTreeViewAppResourcesNotOrphaned(nodeMapping, mapParentToChild, parentNode, false, false, w) + printTreeViewAppResourcesNotOrphaned(nodeMapping, mapParentToChild, parentNode, w) if err := w.Flush(); err != nil { t.Fatal(err) } @@ -77,7 +77,7 @@ func TestPrintTreeViewDetailedAppResources(t *testing.T) { buf := &bytes.Buffer{} w := tabwriter.NewWriter(buf, 0, 0, 2, ' ', 0) - printDetailedTreeViewAppResourcesNotOrphaned(nodeMapping, mapParentToChild, parentNode, false, false, w) + printDetailedTreeViewAppResourcesNotOrphaned(nodeMapping, mapParentToChild, parentNode, w) if err := w.Flush(); err != nil { t.Fatal(err) } diff --git a/cmd/argocd/commands/app_resources.go b/cmd/argocd/commands/app_resources.go index a6f74b66ec715..a530fba92ea8a 100644 --- a/cmd/argocd/commands/app_resources.go +++ b/cmd/argocd/commands/app_resources.go @@ -175,16 +175,16 @@ func parentChildInfo(nodes []v1alpha1.ResourceNode) (map[string]v1alpha1.Resourc return mapUidToNode, mapParentToChild, parentNode } -func printDetailedTreeViewAppResourcesNotOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, orphaned bool, listAll bool, w *tabwriter.Writer) { +func printDetailedTreeViewAppResourcesNotOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, w *tabwriter.Writer) { } -func printDetailedTreeViewAppResourcesOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, orphaned bool, listAll bool, w *tabwriter.Writer) { +func printDetailedTreeViewAppResourcesOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, w *tabwriter.Writer) { } -func printTreeViewAppResourcesNotOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, orphaned bool, listAll bool, w *tabwriter.Writer) { +func printTreeViewAppResourcesNotOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, w *tabwriter.Writer) { } -func printTreeViewAppResourcesOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, orphaned bool, listAll bool, w *tabwriter.Writer) { +func printTreeViewAppResourcesOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, w *tabwriter.Writer) { } func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.ApplicationTree, output string) { @@ -194,24 +194,24 @@ func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.Appli if !orphaned || listAll { mapUidToNode, mapParentToChild, parentNode := parentChildInfo(appResourceTree.Nodes) - printDetailedTreeViewAppResourcesNotOrphaned(mapUidToNode, mapParentToChild, parentNode, orphaned, listAll, w) + printDetailedTreeViewAppResourcesNotOrphaned(mapUidToNode, mapParentToChild, parentNode, w) } if orphaned || listAll { mapUidToNode, mapParentToChild, parentNode := parentChildInfo(appResourceTree.OrphanedNodes) - printDetailedTreeViewAppResourcesOrphaned(mapUidToNode, mapParentToChild, parentNode, orphaned, listAll, w) + printDetailedTreeViewAppResourcesOrphaned(mapUidToNode, mapParentToChild, parentNode, w) } } else if output == "tree" { fmt.Fprintf(w, "GROUP\tKIND\tNAMESPACE\tNAME\tORPHANED\n") if !orphaned || listAll { mapUidToNode, mapParentToChild, parentNode := parentChildInfo(appResourceTree.Nodes) - printTreeViewAppResourcesNotOrphaned(mapUidToNode, mapParentToChild, parentNode, orphaned, listAll, w) + printTreeViewAppResourcesNotOrphaned(mapUidToNode, mapParentToChild, parentNode, w) } if orphaned || listAll { mapUidToNode, mapParentToChild, parentNode := parentChildInfo(appResourceTree.OrphanedNodes) - printTreeViewAppResourcesOrphaned(mapUidToNode, mapParentToChild, parentNode, orphaned, listAll, w) + printTreeViewAppResourcesOrphaned(mapUidToNode, mapParentToChild, parentNode, w) } } else { headers := []interface{}{"GROUP", "KIND", "NAMESPACE", "NAME", "ORPHANED"} diff --git a/cmd/argocd/commands/headless/headless.go b/cmd/argocd/commands/headless/headless.go index d148e527abab4..40ef90b84c7e5 100644 --- a/cmd/argocd/commands/headless/headless.go +++ b/cmd/argocd/commands/headless/headless.go @@ -8,23 +8,25 @@ import ( "sync" "time" - "github.com/spf13/cobra" - - "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/initialize" - "github.com/argoproj/argo-cd/v2/common" - "github.com/alicebob/miniredis/v2" "github.com/golang/protobuf/ptypes/empty" "github.com/redis/go-redis/v9" log "github.com/sirupsen/logrus" + "github.com/spf13/cobra" "github.com/spf13/pflag" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/runtime" + corev1 "k8s.io/api/core/v1" + metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + runtimeUtil "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" cache2 "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/clientcmd" "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/initialize" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" @@ -48,6 +50,7 @@ type forwardCacheClient struct { err error redisHaProxyName string redisName string + redisPassword string } func (c *forwardCacheClient) doLazy(action func(client cache.CacheClient) error) error { @@ -64,7 +67,7 @@ func (c *forwardCacheClient) doLazy(action func(client cache.CacheClient) error) return } - redisClient := redis.NewClient(&redis.Options{Addr: fmt.Sprintf("localhost:%d", redisPort)}) + redisClient := redis.NewClient(&redis.Options{Addr: fmt.Sprintf("localhost:%d", redisPort), Password: c.redisPassword}) c.client = cache.NewRedisCache(redisClient, time.Hour, c.compression) }) if c.err != nil { @@ -126,7 +129,7 @@ func (c *forwardRepoClientset) NewRepoServerClient() (io.Closer, repoapiclient.R } repoServerName := c.repoServerName repoServererviceLabelSelector := common.LabelKeyComponentRepoServer + "=" + common.LabelValueComponentRepoServer - repoServerServices, err := c.kubeClientset.CoreV1().Services(c.namespace).List(context.Background(), v1.ListOptions{LabelSelector: repoServererviceLabelSelector}) + repoServerServices, err := c.kubeClientset.CoreV1().Services(c.namespace).List(context.Background(), metaV1.ListOptions{LabelSelector: repoServererviceLabelSelector}) if err != nil { c.err = err return @@ -201,7 +204,7 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti } // get rid of logging error handler - runtime.ErrorHandlers = runtime.ErrorHandlers[1:] + runtimeUtil.ErrorHandlers = runtimeUtil.ErrorHandlers[1:] cli.SetLogLevel(log.ErrorLevel.String()) log.SetLevel(log.ErrorLevel) os.Setenv(v1alpha1.EnvVarFakeInClusterConfig, "true") @@ -231,6 +234,28 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti return fmt.Errorf("error creating kubernetes clientset: %w", err) } + dynamicClientset, err := dynamic.NewForConfig(restConfig) + if err != nil { + return fmt.Errorf("error creating kubernetes dynamic clientset: %w", err) + } + + scheme := runtime.NewScheme() + err = v1alpha1.AddToScheme(scheme) + if err != nil { + return fmt.Errorf("error adding argo resources to scheme: %w", err) + } + err = corev1.AddToScheme(scheme) + if err != nil { + return fmt.Errorf("error adding corev1 resources to scheme: %w", err) + } + controllerClientset, err := client.New(restConfig, client.Options{ + Scheme: scheme, + }) + if err != nil { + return fmt.Errorf("error creating kubernetes controller clientset: %w", err) + } + controllerClientset = client.NewDryRunClient(controllerClientset) + namespace, _, err := clientConfig.Namespace() if err != nil { return fmt.Errorf("error getting namespace: %w", err) @@ -240,21 +265,28 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti if err != nil { return fmt.Errorf("error running miniredis: %w", err) } - appstateCache := appstatecache.NewCache(cache.NewCache(&forwardCacheClient{namespace: namespace, context: ctxStr, compression: compression, redisHaProxyName: clientOpts.RedisHaProxyName, redisName: clientOpts.RedisName}), time.Hour) + redisOptions := &redis.Options{Addr: mr.Addr()} + if err = common.SetOptionalRedisPasswordFromKubeConfig(ctx, kubeClientset, namespace, redisOptions); err != nil { + log.Warnf("Failed to fetch & set redis password for namespace %s: %v", namespace, err) + } + + appstateCache := appstatecache.NewCache(cache.NewCache(&forwardCacheClient{namespace: namespace, context: ctxStr, compression: compression, redisHaProxyName: clientOpts.RedisHaProxyName, redisName: clientOpts.RedisName, redisPassword: redisOptions.Password}), time.Hour) srv := server.NewServer(ctx, server.ArgoCDServerOpts{ - EnableGZip: false, - Namespace: namespace, - ListenPort: *port, - AppClientset: appClientset, - DisableAuth: true, - RedisClient: redis.NewClient(&redis.Options{Addr: mr.Addr()}), - Cache: servercache.NewCache(appstateCache, 0, 0, 0), - KubeClientset: kubeClientset, - Insecure: true, - ListenHost: *address, - RepoClientset: &forwardRepoClientset{namespace: namespace, context: ctxStr, repoServerName: clientOpts.RepoServerName, kubeClientset: kubeClientset}, - EnableProxyExtension: false, - }) + EnableGZip: false, + Namespace: namespace, + ListenPort: *port, + AppClientset: appClientset, + DisableAuth: true, + RedisClient: redis.NewClient(redisOptions), + Cache: servercache.NewCache(appstateCache, 0, 0, 0), + KubeClientset: kubeClientset, + DynamicClientset: dynamicClientset, + KubeControllerClientset: controllerClientset, + Insecure: true, + ListenHost: *address, + RepoClientset: &forwardRepoClientset{namespace: namespace, context: ctxStr, repoServerName: clientOpts.RepoServerName, kubeClientset: kubeClientset}, + EnableProxyExtension: false, + }, server.ApplicationSetOpts{}) srv.Init(ctx) lns, err := srv.Listen() diff --git a/cmd/argocd/commands/login.go b/cmd/argocd/commands/login.go index f8dde97e9c77a..72b89dae1771c 100644 --- a/cmd/argocd/commands/login.go +++ b/cmd/argocd/commands/login.go @@ -37,12 +37,13 @@ import ( // NewLoginCommand returns a new instance of `argocd login` command func NewLoginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - ctxName string - username string - password string - sso bool - ssoPort int - skipTestTLS bool + ctxName string + username string + password string + sso bool + ssoPort int + skipTestTLS bool + ssoLaunchBrowser bool ) command := &cobra.Command{ Use: "login SERVER", @@ -135,7 +136,7 @@ argocd login cd.argoproj.io --core`, errors.CheckError(err) oauth2conf, provider, err := acdClient.OIDCConfig(ctx, acdSet) errors.CheckError(err) - tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider) + tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider, ssoLaunchBrowser) } parser := jwt.NewParser(jwt.WithoutClaimsValidation()) claims := jwt.MapClaims{} @@ -184,6 +185,7 @@ argocd login cd.argoproj.io --core`, command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application") command.Flags(). BoolVar(&skipTestTLS, "skip-test-tls", false, "Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason)") + command.Flags().BoolVar(&ssoLaunchBrowser, "sso-launch-browser", true, "Automatically launch the system default browser when performing SSO login") return command } @@ -205,6 +207,7 @@ func oauth2Login( oidcSettings *settingspkg.OIDCConfig, oauth2conf *oauth2.Config, provider *oidc.Provider, + ssoLaunchBrowser bool, ) (string, string) { oauth2conf.RedirectURL = fmt.Sprintf("http://localhost:%d/auth/callback", port) oidcConf, err := oidcutil.ParseConfig(provider) @@ -304,8 +307,6 @@ func oauth2Login( http.HandleFunc("/auth/callback", callbackHandler) // Redirect user to login & consent page to ask for permission for the scopes specified above. - fmt.Printf("Opening browser for authentication\n") - var url string var oidcconfig oidcconfig.OIDCConfig grantType := oidcutil.InferGrantType(oidcConf) @@ -330,8 +331,7 @@ func oauth2Login( } fmt.Printf("Performing %s flow login: %s\n", grantType, url) time.Sleep(1 * time.Second) - err = open.Start(url) - errors.CheckError(err) + ssoAuthFlow(url, ssoLaunchBrowser) go func() { log.Debugf("Listen: %s", srv.Addr) if err := srv.ListenAndServe(); err != http.ErrServerClosed { @@ -363,3 +363,13 @@ func passwordLogin(ctx context.Context, acdClient argocdclient.Client, username, errors.CheckError(err) return createdSession.Token } + +func ssoAuthFlow(url string, ssoLaunchBrowser bool) { + if ssoLaunchBrowser { + fmt.Printf("Opening system default browser for authentication\n") + err := open.Start(url) + errors.CheckError(err) + } else { + fmt.Printf("To authenticate, copy-and-paste the following URL into your preferred browser: %s\n", url) + } +} diff --git a/cmd/argocd/commands/login_test.go b/cmd/argocd/commands/login_test.go index 3a7411b4b7fa3..420b484674901 100644 --- a/cmd/argocd/commands/login_test.go +++ b/cmd/argocd/commands/login_test.go @@ -1,12 +1,39 @@ package commands import ( + "io" + "os" "testing" + utils "github.com/argoproj/argo-cd/v2/util/io" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" ) +func captureStdout(callback func()) (string, error) { + oldStdout := os.Stdout + oldStderr := os.Stderr + r, w, err := os.Pipe() + if err != nil { + return "", err + } + os.Stdout = w + defer func() { + os.Stdout = oldStdout + os.Stderr = oldStderr + }() + + callback() + utils.Close(w) + + data, err := io.ReadAll(r) + if err != nil { + return "", err + } + return string(data), err +} + func Test_userDisplayName_email(t *testing.T) { claims := jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "firstname.lastname@example.com", "groups": []string{"baz"}} actualName := userDisplayName(claims) @@ -27,3 +54,11 @@ func Test_userDisplayName_sub(t *testing.T) { expectedName := "foo" assert.Equal(t, expectedName, actualName) } + +func Test_ssoAuthFlow_ssoLaunchBrowser_false(t *testing.T) { + out, _ := captureStdout(func() { + ssoAuthFlow("http://test-sso-browser-flow.com", false) + }) + + assert.Contains(t, out, "To authenticate, copy-and-paste the following URL into your preferred browser: http://test-sso-browser-flow.com") +} diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index ef2aa92b87a55..827af5e536c33 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -1,10 +1,12 @@ package commands import ( + "context" "encoding/json" "fmt" "io" "os" + "slices" "strings" "text/tabwriter" "time" @@ -79,6 +81,8 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { command.AddCommand(NewProjectRemoveOrphanedIgnoreCommand(clientOpts)) command.AddCommand(NewProjectAddSourceNamespace(clientOpts)) command.AddCommand(NewProjectRemoveSourceNamespace(clientOpts)) + command.AddCommand(NewProjectAddDestinationServiceAccountCommand(clientOpts)) + command.AddCommand(NewProjectRemoveDestinationServiceAccountCommand(clientOpts)) return command } @@ -798,7 +802,7 @@ func printProjectNames(projects []v1alpha1.AppProject) { // Print table of project info func printProjectTable(projects []v1alpha1.AppProject) { w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintf(w, "NAME\tDESCRIPTION\tDESTINATIONS\tSOURCES\tCLUSTER-RESOURCE-WHITELIST\tNAMESPACE-RESOURCE-BLACKLIST\tSIGNATURE-KEYS\tORPHANED-RESOURCES\n") + fmt.Fprintf(w, "NAME\tDESCRIPTION\tDESTINATIONS\tSOURCES\tCLUSTER-RESOURCE-WHITELIST\tNAMESPACE-RESOURCE-BLACKLIST\tSIGNATURE-KEYS\tORPHANED-RESOURCES\tDESTINATION-SERVICE-ACCOUNTS\n") for _, p := range projects { printProjectLine(w, &p) } @@ -854,7 +858,7 @@ func formatOrphanedResources(p *v1alpha1.AppProject) string { } func printProjectLine(w io.Writer, p *v1alpha1.AppProject) { - var destinations, sourceRepos, clusterWhitelist, namespaceBlacklist, signatureKeys string + var destinations, destinationServiceAccounts, sourceRepos, clusterWhitelist, namespaceBlacklist, signatureKeys string switch len(p.Spec.Destinations) { case 0: destinations = "" @@ -863,6 +867,14 @@ func printProjectLine(w io.Writer, p *v1alpha1.AppProject) { default: destinations = fmt.Sprintf("%d destinations", len(p.Spec.Destinations)) } + switch len(p.Spec.DestinationServiceAccounts) { + case 0: + destinationServiceAccounts = "" + case 1: + destinationServiceAccounts = fmt.Sprintf("%s,%s,%s", p.Spec.DestinationServiceAccounts[0].Server, p.Spec.DestinationServiceAccounts[0].Namespace, p.Spec.DestinationServiceAccounts[0].DefaultServiceAccount) + default: + destinationServiceAccounts = fmt.Sprintf("%d destinationServiceAccounts", len(p.Spec.DestinationServiceAccounts)) + } switch len(p.Spec.SourceRepos) { case 0: sourceRepos = "" @@ -891,7 +903,7 @@ func printProjectLine(w io.Writer, p *v1alpha1.AppProject) { default: signatureKeys = fmt.Sprintf("%d key(s)", len(p.Spec.SignatureKeys)) } - fmt.Fprintf(w, "%s\t%s\t%v\t%v\t%v\t%v\t%v\t%v\n", p.Name, p.Spec.Description, destinations, sourceRepos, clusterWhitelist, namespaceBlacklist, signatureKeys, formatOrphanedResources(p)) + fmt.Fprintf(w, "%s\t%s\t%v\t%v\t%v\t%v\t%v\t%v\t%v\n", p.Name, p.Spec.Description, destinations, sourceRepos, clusterWhitelist, namespaceBlacklist, signatureKeys, formatOrphanedResources(p), destinationServiceAccounts) } func printProject(p *v1alpha1.AppProject, scopedRepositories []*v1alpha1.Repository, scopedClusters []*v1alpha1.Cluster) { @@ -920,6 +932,16 @@ func printProject(p *v1alpha1.AppProject, scopedRepositories []*v1alpha1.Reposit fmt.Printf(printProjFmtStr, "", p.Spec.SourceRepos[i]) } + // Print source namespaces + ns0 := "" + if len(p.Spec.SourceNamespaces) > 0 { + ns0 = p.Spec.SourceNamespaces[0] + } + fmt.Printf(printProjFmtStr, "Source Namespaces:", ns0) + for i := 1; i < len(p.Spec.SourceNamespaces); i++ { + fmt.Printf(printProjFmtStr, "", p.Spec.SourceNamespaces[i]) + } + // Print scoped repositories scr0 := "" if len(scopedRepositories) > 0 { @@ -996,10 +1018,7 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command os.Exit(1) } projName := args[0] - conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() - defer argoio.Close(conn) - detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) - errors.CheckError(err) + detailedProject := getProject(c, clientOpts, ctx, projName) switch output { case "yaml", "json": @@ -1016,6 +1035,14 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command return command } +func getProject(c *cobra.Command, clientOpts *argocdclient.ClientOptions, ctx context.Context, projName string) *projectpkg.DetailedProjectsResponse { + conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() + defer argoio.Close(conn) + detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) + errors.CheckError(err) + return detailedProject +} + func NewProjectEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { command := &cobra.Command{ Use: "edit PROJECT", @@ -1066,3 +1093,122 @@ func NewProjectEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman } return command } + +// NewProjectAddDestinationServiceAccountCommand returns a new instance of an `argocd proj add-destination-service-account` command +func NewProjectAddDestinationServiceAccountCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + var serviceAccountNamespace string + + buildApplicationDestinationServiceAccount := func(destination string, namespace string, serviceAccount string, serviceAccountNamespace string) v1alpha1.ApplicationDestinationServiceAccount { + if serviceAccountNamespace != "" { + return v1alpha1.ApplicationDestinationServiceAccount{ + Server: destination, + Namespace: namespace, + DefaultServiceAccount: fmt.Sprintf("%s:%s", serviceAccountNamespace, serviceAccount), + } + } else { + return v1alpha1.ApplicationDestinationServiceAccount{ + Server: destination, + Namespace: namespace, + DefaultServiceAccount: serviceAccount, + } + } + } + + command := &cobra.Command{ + Use: "add-destination-service-account PROJECT SERVER NAMESPACE SERVICE_ACCOUNT", + Short: "Add project destination's default service account", + Example: templates.Examples(` + # Add project destination service account (SERVICE_ACCOUNT) for a server URL (SERVER) in the specified namespace (NAMESPACE) on the project with name PROJECT + argocd proj add-destination-service-account PROJECT SERVER NAMESPACE SERVICE_ACCOUNT + + # Add project destination service account (SERVICE_ACCOUNT) from a different namespace + argocd proj add-destination PROJECT SERVER NAMESPACE SERVICE_ACCOUNT --service-account-namespace + `), + Run: func(c *cobra.Command, args []string) { + ctx := c.Context() + + if len(args) != 4 { + c.HelpFunc()(c, args) + os.Exit(1) + } + projName := args[0] + server := args[1] + namespace := args[2] + serviceAccount := args[3] + + if strings.Contains(serviceAccountNamespace, "*") { + log.Fatal("service-account-namespace for DestinationServiceAccount must not contain wildcards") + } + + if strings.Contains(serviceAccount, "*") { + log.Fatal("ServiceAccount for DestinationServiceAccount must not contain wildcards") + } + + destinationServiceAccount := buildApplicationDestinationServiceAccount(server, namespace, serviceAccount, serviceAccountNamespace) + conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() + defer argoio.Close(conn) + + proj, err := projIf.Get(ctx, &projectpkg.ProjectQuery{Name: projName}) + errors.CheckError(err) + + for _, dest := range proj.Spec.DestinationServiceAccounts { + dstServerExist := destinationServiceAccount.Server != "" && dest.Server == destinationServiceAccount.Server + dstServiceAccountExist := destinationServiceAccount.DefaultServiceAccount != "" && dest.DefaultServiceAccount == destinationServiceAccount.DefaultServiceAccount + if dest.Namespace == destinationServiceAccount.Namespace && dstServerExist && dstServiceAccountExist { + log.Fatal("Specified destination service account is already defined in project") + } + } + proj.Spec.DestinationServiceAccounts = append(proj.Spec.DestinationServiceAccounts, destinationServiceAccount) + _, err = projIf.Update(ctx, &projectpkg.ProjectUpdateRequest{Project: proj}) + errors.CheckError(err) + }, + } + command.Flags().StringVar(&serviceAccountNamespace, "service-account-namespace", "", "Use service-account-namespace as namespace where the service account is present") + return command +} + +// NewProjectRemoveDestinationCommand returns a new instance of an `argocd proj remove-destination-service-account` command +func NewProjectRemoveDestinationServiceAccountCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { + command := &cobra.Command{ + Use: "remove-destination-service-account PROJECT SERVER NAMESPACE SERVICE_ACCOUNT", + Short: "Remove default destination service account from the project", + Example: templates.Examples(` + # Remove the destination service account (SERVICE_ACCOUNT) from the specified destination (SERVER and NAMESPACE combination) on the project with name PROJECT + argocd proj remove-destination-service-account PROJECT SERVER NAMESPACE SERVICE_ACCOUNT + `), + Run: func(c *cobra.Command, args []string) { + ctx := c.Context() + + if len(args) != 4 { + c.HelpFunc()(c, args) + os.Exit(1) + } + projName := args[0] + server := args[1] + namespace := args[2] + serviceAccount := args[3] + conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() + defer argoio.Close(conn) + + proj, err := projIf.Get(ctx, &projectpkg.ProjectQuery{Name: projName}) + errors.CheckError(err) + + originalLength := len(proj.Spec.DestinationServiceAccounts) + proj.Spec.DestinationServiceAccounts = slices.DeleteFunc(proj.Spec.DestinationServiceAccounts, + func(destServiceAccount v1alpha1.ApplicationDestinationServiceAccount) bool { + return destServiceAccount.Namespace == namespace && + destServiceAccount.Server == server && + destServiceAccount.DefaultServiceAccount == serviceAccount + }, + ) + if originalLength != len(proj.Spec.DestinationServiceAccounts) { + _, err = projIf.Update(ctx, &projectpkg.ProjectUpdateRequest{Project: proj}) + errors.CheckError(err) + } else { + log.Fatal("Specified destination service account does not exist in project") + } + }, + } + + return command +} diff --git a/cmd/argocd/commands/projectwindows.go b/cmd/argocd/commands/projectwindows.go index d824222306419..b04615e22fd41 100644 --- a/cmd/argocd/commands/projectwindows.go +++ b/cmd/argocd/commands/projectwindows.go @@ -352,9 +352,10 @@ func printSyncWindows(proj *v1alpha1.AppProject) { fmt.Fprintf(w, fmtStr, headers...) if proj.Spec.SyncWindows.HasWindows() { for i, window := range proj.Spec.SyncWindows { + isActive, _ := window.Active() vals := []interface{}{ strconv.Itoa(i), - formatBoolOutput(window.Active()), + formatBoolOutput(isActive), window.Kind, window.Schedule, window.Duration, diff --git a/cmd/argocd/commands/relogin.go b/cmd/argocd/commands/relogin.go index 95159066d2cb1..effb0239c051b 100644 --- a/cmd/argocd/commands/relogin.go +++ b/cmd/argocd/commands/relogin.go @@ -20,8 +20,9 @@ import ( // NewReloginCommand returns a new instance of `argocd relogin` command func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - password string - ssoPort int + password string + ssoPort int + ssoLaunchBrowser bool ) command := &cobra.Command{ Use: "relogin", @@ -72,7 +73,7 @@ func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comm errors.CheckError(err) oauth2conf, provider, err := acdClient.OIDCConfig(ctx, acdSet) errors.CheckError(err) - tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider) + tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider, ssoLaunchBrowser) } localCfg.UpsertUser(localconfig.User{ @@ -99,5 +100,6 @@ argocd login cd.argoproj.io --core } command.Flags().StringVar(&password, "password", "", "The password of an account to authenticate") command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application") + command.Flags().BoolVar(&ssoLaunchBrowser, "sso-launch-browser", true, "Automatically launch the default browser when performing SSO login") return command } diff --git a/cmd/argocd/commands/repo.go b/cmd/argocd/commands/repo.go index 35b1aebb04bf8..f58204ea76c3a 100644 --- a/cmd/argocd/commands/repo.go +++ b/cmd/argocd/commands/repo.go @@ -178,6 +178,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { repoOpts.Repo.GithubAppInstallationId = repoOpts.GithubAppInstallationId repoOpts.Repo.GitHubAppEnterpriseBaseURL = repoOpts.GitHubAppEnterpriseBaseURL repoOpts.Repo.Proxy = repoOpts.Proxy + repoOpts.Repo.NoProxy = repoOpts.NoProxy repoOpts.Repo.ForceHttpBasicAuth = repoOpts.ForceHttpBasicAuth if repoOpts.Repo.Type == "helm" && repoOpts.Repo.Name == "" { diff --git a/cmd/argocd/commands/repocreds.go b/cmd/argocd/commands/repocreds.go index fa6c20c8c3f98..21ebca795cdfb 100644 --- a/cmd/argocd/commands/repocreds.go +++ b/cmd/argocd/commands/repocreds.go @@ -187,6 +187,7 @@ func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma command.Flags().StringVar(&repo.Type, "type", common.DefaultRepoType, "type of the repository, \"git\" or \"helm\"") command.Flags().StringVar(&gcpServiceAccountKeyPath, "gcp-service-account-key-path", "", "service account key for the Google Cloud Platform") command.Flags().BoolVar(&repo.ForceHttpBasicAuth, "force-http-basic-auth", false, "whether to force basic auth when connecting via HTTP") + command.Flags().StringVar(&repo.Proxy, "proxy-url", "", "If provided, this URL will be used to connect via proxy") return command } diff --git a/cmd/argocd/commands/root.go b/cmd/argocd/commands/root.go index 3d75eb0ed1ece..d55face9afd5b 100644 --- a/cmd/argocd/commands/root.go +++ b/cmd/argocd/commands/root.go @@ -77,6 +77,7 @@ func NewCommand() *cobra.Command { command.PersistentFlags().StringVar(&clientOpts.PortForwardNamespace, "port-forward-namespace", config.GetFlag("port-forward-namespace", ""), "Namespace name which should be used for port forwarding") command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", config.GetIntFlag("http-retry-max", 0), "Maximum number of retries to establish http connection to Argo CD server") command.PersistentFlags().BoolVar(&clientOpts.Core, "core", config.GetBoolFlag("core"), "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server") + command.PersistentFlags().StringVar(&clientOpts.Context, "argocd-context", "", "The name of the Argo-CD server context to use") command.PersistentFlags().StringVar(&clientOpts.ServerName, "server-name", env.StringFromEnv(common.EnvServerName, common.DefaultServerName), fmt.Sprintf("Name of the Argo CD API server; set this or the %s environment variable when the server's name label differs from the default, for example when installing via the Helm chart", common.EnvServerName)) command.PersistentFlags().StringVar(&clientOpts.AppControllerName, "controller-name", env.StringFromEnv(common.EnvAppControllerName, common.DefaultApplicationControllerName), fmt.Sprintf("Name of the Argo CD Application controller; set this or the %s environment variable when the controller's name label differs from the default, for example when installing via the Helm chart", common.EnvAppControllerName)) command.PersistentFlags().StringVar(&clientOpts.RedisHaProxyName, "redis-haproxy-name", env.StringFromEnv(common.EnvRedisHaProxyName, common.DefaultRedisHaProxyName), fmt.Sprintf("Name of the Redis HA Proxy; set this or the %s environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart", common.EnvRedisHaProxyName)) diff --git a/cmd/main.go b/cmd/main.go index c8e2458d5aeee..6aaf678ae13ba 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -4,6 +4,8 @@ import ( "os" "path/filepath" + "github.com/argoproj/argo-cd/v2/cmd/util" + "github.com/spf13/cobra" changerevisioncontroller "github.com/argoproj/argo-cd/v2/cmd/application-change-revision-controller/commands" @@ -31,9 +33,12 @@ func main() { if val := os.Getenv(binaryNameEnv); val != "" { binaryName = val } + + isCLI := false switch binaryName { case "argocd", "argocd-linux-amd64", "argocd-darwin-amd64", "argocd-windows-amd64.exe": command = cli.NewCommand() + isCLI = true case "argocd-server": command = apiserver.NewCommand() case "event-reporter-server": @@ -46,19 +51,24 @@ func main() { command = reposerver.NewCommand() case "argocd-cmp-server": command = cmpserver.NewCommand() + isCLI = true case "argocd-dex": command = dex.NewCommand() case "argocd-notifications": command = notification.NewCommand() case "argocd-git-ask-pass": command = gitaskpass.NewCommand() + isCLI = true case "argocd-applicationset-controller": command = applicationset.NewCommand() case "argocd-k8s-auth": command = k8sauth.NewCommand() + isCLI = true default: command = cli.NewCommand() + isCLI = true } + util.SetAutoMaxProcs(isCLI) if err := command.Execute(); err != nil { os.Exit(1) diff --git a/cmd/util/app.go b/cmd/util/app.go index 1ac606a22ba5c..930b29c498d69 100644 --- a/cmd/util/app.go +++ b/cmd/util/app.go @@ -9,6 +9,8 @@ import ( "strings" "time" + "go.uber.org/automaxprocs/maxprocs" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "github.com/argoproj/gitops-engine/pkg/utils/kube" @@ -48,6 +50,9 @@ type AppOptions struct { helmVersion string helmPassCredentials bool helmSkipCrds bool + helmNamespace string + helmKubeVersion string + helmApiVersions []string project string syncPolicy string syncOptions []string @@ -72,6 +77,8 @@ type AppOptions struct { kustomizeForceCommonLabels bool kustomizeForceCommonAnnotations bool kustomizeNamespace string + kustomizeKubeVersion string + kustomizeApiVersions []string pluginEnvs []string Validate bool directoryExclude string @@ -83,6 +90,19 @@ type AppOptions struct { ref string } +// SetAutoMaxProcs sets the GOMAXPROCS value based on the binary name. +// It suppresses logs for CLI binaries and logs the setting for services. +func SetAutoMaxProcs(isCLI bool) { + if isCLI { + _, _ = maxprocs.Set() // Intentionally ignore errors for CLI binaries + } else { + _, err := maxprocs.Set(maxprocs.Logger(log.Infof)) + if err != nil { + log.Errorf("Error setting GOMAXPROCS: %v", err) + } + } +} + func AddAppFlags(command *cobra.Command, opts *AppOptions) { command.Flags().StringVar(&opts.repoURL, "repo", "", "Repository URL, ignored if a file is set") command.Flags().StringVar(&opts.appPath, "path", "", "Path in repository to the app directory, ignored if a file is set") @@ -104,6 +124,9 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) { command.Flags().StringArrayVar(&opts.helmSetStrings, "helm-set-string", []string{}, "Helm set STRING values on the command line (can be repeated to set several values: --helm-set-string key1=val1 --helm-set-string key2=val2)") command.Flags().StringArrayVar(&opts.helmSetFiles, "helm-set-file", []string{}, "Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2)") command.Flags().BoolVar(&opts.helmSkipCrds, "helm-skip-crds", false, "Skip helm crd installation step") + command.Flags().StringVar(&opts.helmNamespace, "helm-namespace", "", "Helm namespace to use when running helm template. If not set, use app.spec.destination.namespace") + command.Flags().StringVar(&opts.helmKubeVersion, "helm-kube-version", "", "Helm kube-version to use when running helm template. If not set, use the kube version from the destination cluster") + command.Flags().StringArrayVar(&opts.helmApiVersions, "helm-api-versions", []string{}, "Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster") command.Flags().StringVar(&opts.project, "project", "", "Application project name") command.Flags().StringVar(&opts.syncPolicy, "sync-policy", "", "Set the sync policy (one of: manual (aliases of manual: none), automated (aliases of automated: auto, automatic))") command.Flags().StringArrayVar(&opts.syncOptions, "sync-option", []string{}, "Add or remove a sync option, e.g add `Prune=false`. Remove using `!` prefix, e.g. `!Prune=false`") @@ -130,6 +153,8 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) { command.Flags().BoolVar(&opts.kustomizeForceCommonLabels, "kustomize-force-common-label", false, "Force common labels in Kustomize") command.Flags().BoolVar(&opts.kustomizeForceCommonAnnotations, "kustomize-force-common-annotation", false, "Force common annotations in Kustomize") command.Flags().StringVar(&opts.kustomizeNamespace, "kustomize-namespace", "", "Kustomize namespace") + command.Flags().StringVar(&opts.kustomizeKubeVersion, "kustomize-kube-version", "", "kube-version to use when running helm template. If not set, use the kube version from the destination cluster. Only applicable when Helm is enabled for Kustomize builds") + command.Flags().StringArrayVar(&opts.kustomizeApiVersions, "kustomize-api-versions", nil, "api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster. Only applicable when Helm is enabled for Kustomize builds") command.Flags().StringVar(&opts.directoryExclude, "directory-exclude", "", "Set glob expression used to exclude files from application source path") command.Flags().StringVar(&opts.directoryInclude, "directory-include", "", "Set glob expression used to include files from application source path") command.Flags().Int64Var(&opts.retryLimit, "sync-retry-limit", 0, "Max number of allowed sync retries") @@ -266,6 +291,8 @@ type kustomizeOpts struct { forceCommonLabels bool forceCommonAnnotations bool namespace string + kubeVersion string + apiVersions []string } func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) { @@ -284,6 +311,12 @@ func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) { if opts.namespace != "" { src.Kustomize.Namespace = opts.namespace } + if opts.kubeVersion != "" { + src.Kustomize.KubeVersion = opts.kubeVersion + } + if len(opts.apiVersions) > 0 { + src.Kustomize.APIVersions = opts.apiVersions + } if opts.commonLabels != nil { src.Kustomize.CommonLabels = opts.commonLabels } @@ -340,6 +373,9 @@ type helmOpts struct { helmSetFiles []string passCredentials bool skipCrds bool + namespace string + kubeVersion string + apiVersions []string } func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) { @@ -370,6 +406,15 @@ func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) { if opts.skipCrds { src.Helm.SkipCrds = opts.skipCrds } + if opts.namespace != "" { + src.Helm.Namespace = opts.namespace + } + if opts.kubeVersion != "" { + src.Helm.KubeVersion = opts.kubeVersion + } + if len(opts.apiVersions) > 0 { + src.Helm.APIVersions = opts.apiVersions + } for _, text := range opts.helmSets { p, err := argoappv1.NewHelmParameter(text, false) if err != nil { @@ -628,6 +673,12 @@ func ConstructSource(source *argoappv1.ApplicationSource, appOpts AppOptions, fl setHelmOpt(source, helmOpts{helmSetFiles: appOpts.helmSetFiles}) case "helm-skip-crds": setHelmOpt(source, helmOpts{skipCrds: appOpts.helmSkipCrds}) + case "helm-namespace": + setHelmOpt(source, helmOpts{namespace: appOpts.helmNamespace}) + case "helm-kube-version": + setHelmOpt(source, helmOpts{kubeVersion: appOpts.helmKubeVersion}) + case "helm-api-versions": + setHelmOpt(source, helmOpts{apiVersions: appOpts.helmApiVersions}) case "directory-recurse": if source.Directory != nil { source.Directory.Recurse = appOpts.directoryRecurse @@ -660,6 +711,10 @@ func ConstructSource(source *argoappv1.ApplicationSource, appOpts AppOptions, fl setKustomizeOpt(source, kustomizeOpts{version: appOpts.kustomizeVersion}) case "kustomize-namespace": setKustomizeOpt(source, kustomizeOpts{namespace: appOpts.kustomizeNamespace}) + case "kustomize-kube-version": + setKustomizeOpt(source, kustomizeOpts{kubeVersion: appOpts.kustomizeKubeVersion}) + case "kustomize-api-versions": + setKustomizeOpt(source, kustomizeOpts{apiVersions: appOpts.kustomizeApiVersions}) case "kustomize-common-label": parsedLabels, err := label.Parse(appOpts.kustomizeCommonLabels) errors.CheckError(err) diff --git a/cmd/util/app_test.go b/cmd/util/app_test.go index dcaae6ea8031e..47bd139670aa1 100644 --- a/cmd/util/app_test.go +++ b/cmd/util/app_test.go @@ -1,10 +1,11 @@ package util import ( + "bytes" + "log" "os" "testing" - log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -65,6 +66,21 @@ func Test_setHelmOpt(t *testing.T) { setHelmOpt(&src, helmOpts{skipCrds: true}) assert.True(t, src.Helm.SkipCrds) }) + t.Run("HelmNamespace", func(t *testing.T) { + src := v1alpha1.ApplicationSource{} + setHelmOpt(&src, helmOpts{namespace: "custom-namespace"}) + assert.Equal(t, "custom-namespace", src.Helm.Namespace) + }) + t.Run("HelmKubeVersion", func(t *testing.T) { + src := v1alpha1.ApplicationSource{} + setHelmOpt(&src, helmOpts{kubeVersion: "v1.16.0"}) + assert.Equal(t, "v1.16.0", src.Helm.KubeVersion) + }) + t.Run("HelmApiVersions", func(t *testing.T) { + src := v1alpha1.ApplicationSource{} + setHelmOpt(&src, helmOpts{apiVersions: []string{"v1", "v2"}}) + assert.Equal(t, []string{"v1", "v2"}, src.Helm.APIVersions) + }) } func Test_setKustomizeOpt(t *testing.T) { @@ -114,6 +130,16 @@ func Test_setKustomizeOpt(t *testing.T) { setKustomizeOpt(&src, kustomizeOpts{namespace: "custom-namespace"}) assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{Namespace: "custom-namespace"}, src.Kustomize) }) + t.Run("KubeVersion", func(t *testing.T) { + src := v1alpha1.ApplicationSource{} + setKustomizeOpt(&src, kustomizeOpts{kubeVersion: "999.999.999"}) + assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{KubeVersion: "999.999.999"}, src.Kustomize) + }) + t.Run("ApiVersions", func(t *testing.T) { + src := v1alpha1.ApplicationSource{} + setKustomizeOpt(&src, kustomizeOpts{apiVersions: []string{"v1", "v2"}}) + assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{APIVersions: []string{"v1", "v2"}}, src.Kustomize) + }) t.Run("Common labels", func(t *testing.T) { src := v1alpha1.ApplicationSource{} setKustomizeOpt(&src, kustomizeOpts{commonLabels: map[string]string{"foo1": "bar1", "foo2": "bar2"}}) @@ -233,6 +259,32 @@ func Test_setAppSpecOptions(t *testing.T) { require.NoError(t, f.SetFlag("kustomize-replica", "my-statefulset=4")) assert.Equal(t, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}, {Name: "my-statefulset", Count: intstr.FromInt(4)}}, f.spec.Source.Kustomize.Replicas) }) + t.Run("Kustomize Namespace", func(t *testing.T) { + require.NoError(t, f.SetFlag("kustomize-namespace", "override-namespace")) + assert.Equal(t, "override-namespace", f.spec.Source.Kustomize.Namespace) + }) + t.Run("Kustomize Kube Version", func(t *testing.T) { + require.NoError(t, f.SetFlag("kustomize-kube-version", "999.999.999")) + assert.Equal(t, "999.999.999", f.spec.Source.Kustomize.KubeVersion) + }) + t.Run("Kustomize API Versions", func(t *testing.T) { + require.NoError(t, f.SetFlag("kustomize-api-versions", "v1")) + require.NoError(t, f.SetFlag("kustomize-api-versions", "v2")) + assert.Equal(t, []string{"v1", "v2"}, f.spec.Source.Kustomize.APIVersions) + }) + t.Run("Helm Namespace", func(t *testing.T) { + require.NoError(t, f.SetFlag("helm-namespace", "override-namespace")) + assert.Equal(t, "override-namespace", f.spec.Source.Helm.Namespace) + }) + t.Run("Helm Kube Version", func(t *testing.T) { + require.NoError(t, f.SetFlag("kustomize-kube-version", "999.999.999")) + assert.Equal(t, "999.999.999", f.spec.Source.Kustomize.KubeVersion) + }) + t.Run("Helm API Versions", func(t *testing.T) { + require.NoError(t, f.SetFlag("helm-api-versions", "v1")) + require.NoError(t, f.SetFlag("helm-api-versions", "v2")) + assert.Equal(t, []string{"v1", "v2"}, f.spec.Source.Helm.APIVersions) + }) } func newMultiSourceAppOptionsFixture() *appOptionsFixture { @@ -478,3 +530,27 @@ func TestFilterResources(t *testing.T) { assert.Nil(t, filteredResources) }) } + +func TestSetAutoMaxProcs(t *testing.T) { + t.Run("CLI mode ignores errors", func(t *testing.T) { + logBuffer := &bytes.Buffer{} + oldLogger := log.Default() + log.SetOutput(logBuffer) + defer log.SetOutput(oldLogger.Writer()) + + SetAutoMaxProcs(true) + + assert.Empty(t, logBuffer.String(), "Expected no log output when isCLI is true") + }) + + t.Run("Non-CLI mode logs error on failure", func(t *testing.T) { + logBuffer := &bytes.Buffer{} + oldLogger := log.Default() + log.SetOutput(logBuffer) + defer log.SetOutput(oldLogger.Writer()) + + SetAutoMaxProcs(false) + + assert.NotContains(t, logBuffer.String(), "Error setting GOMAXPROCS", "Unexpected log output detected") + }) +} diff --git a/cmd/util/cluster_test.go b/cmd/util/cluster_test.go index f30a4aed51abd..24b46765ca686 100644 --- a/cmd/util/cluster_test.go +++ b/cmd/util/cluster_test.go @@ -1,7 +1,6 @@ package util import ( - "strings" "testing" "github.com/stretchr/testify/assert" @@ -53,8 +52,8 @@ func Test_newCluster(t *testing.T) { &v1alpha1.AWSAuthConfig{}, &v1alpha1.ExecProviderConfig{}, labels, nil) - assert.True(t, strings.Contains(string(clusterWithFiles.Config.CertData), "test-cert-data")) - assert.True(t, strings.Contains(string(clusterWithFiles.Config.KeyData), "test-key-data")) + assert.Contains(t, string(clusterWithFiles.Config.CertData), "test-cert-data") + assert.Contains(t, string(clusterWithFiles.Config.KeyData), "test-key-data") assert.Equal(t, "", clusterWithFiles.Config.BearerToken) assert.Equal(t, labels, clusterWithFiles.Labels) assert.Nil(t, clusterWithFiles.Annotations) diff --git a/cmd/util/project.go b/cmd/util/project.go index f4bbae0977430..63dff2018c975 100644 --- a/cmd/util/project.go +++ b/cmd/util/project.go @@ -20,11 +20,12 @@ import ( ) type ProjectOpts struct { - Description string - destinations []string - Sources []string - SignatureKeys []string - SourceNamespaces []string + Description string + destinations []string + destinationServiceAccounts []string + Sources []string + SignatureKeys []string + SourceNamespaces []string orphanedResourcesEnabled bool orphanedResourcesWarn bool @@ -47,6 +48,8 @@ func AddProjFlags(command *cobra.Command, opts *ProjectOpts) { command.Flags().StringArrayVar(&opts.allowedNamespacedResources, "allow-namespaced-resource", []string{}, "List of allowed namespaced resources") command.Flags().StringArrayVar(&opts.deniedNamespacedResources, "deny-namespaced-resource", []string{}, "List of denied namespaced resources") command.Flags().StringSliceVar(&opts.SourceNamespaces, "source-namespaces", []string{}, "List of source namespaces for applications") + command.Flags().StringArrayVar(&opts.destinationServiceAccounts, "dest-service-accounts", []string{}, + "Destination server, namespace and target service account (e.g. https://192.168.99.100:8443,default,default-sa)") } func getGroupKindList(values []string) []v1.GroupKind { @@ -93,6 +96,23 @@ func (opts *ProjectOpts) GetDestinations() []v1alpha1.ApplicationDestination { return destinations } +func (opts *ProjectOpts) GetDestinationServiceAccounts() []v1alpha1.ApplicationDestinationServiceAccount { + destinationServiceAccounts := make([]v1alpha1.ApplicationDestinationServiceAccount, 0) + for _, destStr := range opts.destinationServiceAccounts { + parts := strings.Split(destStr, ",") + if len(parts) != 3 { + log.Fatalf("Expected destination service account of the form: server,namespace, defaultServiceAccount. Received: %s", destStr) + } else { + destinationServiceAccounts = append(destinationServiceAccounts, v1alpha1.ApplicationDestinationServiceAccount{ + Server: parts[0], + Namespace: parts[1], + DefaultServiceAccount: parts[2], + }) + } + } + return destinationServiceAccounts +} + // GetSignatureKeys TODO: Get configured keys and emit warning when a key is specified that is not configured func (opts *ProjectOpts) GetSignatureKeys() []v1alpha1.SignatureKey { signatureKeys := make([]v1alpha1.SignatureKey, 0) @@ -166,6 +186,8 @@ func SetProjSpecOptions(flags *pflag.FlagSet, spec *v1alpha1.AppProjectSpec, pro spec.NamespaceResourceBlacklist = projOpts.GetDeniedNamespacedResources() case "source-namespaces": spec.SourceNamespaces = projOpts.GetSourceNamespaces() + case "dest-service-accounts": + spec.DestinationServiceAccounts = projOpts.GetDestinationServiceAccounts() } }) if flags.Changed("orphaned-resources") || flags.Changed("orphaned-resources-warn") { diff --git a/cmd/util/project_test.go b/cmd/util/project_test.go index bde59d0ab5e88..8c61ee714f2c0 100644 --- a/cmd/util/project_test.go +++ b/cmd/util/project_test.go @@ -5,6 +5,8 @@ import ( "github.com/stretchr/testify/assert" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) func TestProjectOpts_ResourceLists(t *testing.T) { @@ -22,3 +24,27 @@ func TestProjectOpts_ResourceLists(t *testing.T) { []v1.GroupKind{{Group: "rbac.authorization.k8s.io", Kind: "ClusterRole"}}, opts.GetDeniedClusterResources(), ) } + +func TestProjectOpts_GetDestinationServiceAccounts(t *testing.T) { + opts := ProjectOpts{ + destinationServiceAccounts: []string{ + "https://192.168.99.100:8443,test-ns,test-sa", + "https://kubernetes.default.svc.local:6443,guestbook,guestbook-sa", + }, + } + + assert.ElementsMatch(t, + []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://192.168.99.100:8443", + Namespace: "test-ns", + DefaultServiceAccount: "test-sa", + }, + { + Server: "https://kubernetes.default.svc.local:6443", + Namespace: "guestbook", + DefaultServiceAccount: "guestbook-sa", + }, + }, opts.GetDestinationServiceAccounts(), + ) +} diff --git a/cmd/util/repo.go b/cmd/util/repo.go index b60c30a071311..6b822c6309f70 100644 --- a/cmd/util/repo.go +++ b/cmd/util/repo.go @@ -22,6 +22,7 @@ type RepoOptions struct { GithubAppPrivateKeyPath string GitHubAppEnterpriseBaseURL string Proxy string + NoProxy string GCPServiceAccountKeyPath string ForceHttpBasicAuth bool } @@ -44,6 +45,7 @@ func AddRepoFlags(command *cobra.Command, opts *RepoOptions) { command.Flags().StringVar(&opts.GithubAppPrivateKeyPath, "github-app-private-key-path", "", "private key of the GitHub Application") command.Flags().StringVar(&opts.GitHubAppEnterpriseBaseURL, "github-app-enterprise-base-url", "", "base url to use when using GitHub Enterprise (e.g. https://ghe.example.com/api/v3") command.Flags().StringVar(&opts.Proxy, "proxy", "", "use proxy to access repository") + command.Flags().StringVar(&opts.Proxy, "no-proxy", "", "don't access these targets via proxy") command.Flags().StringVar(&opts.GCPServiceAccountKeyPath, "gcp-service-account-key-path", "", "service account key for the Google Cloud Platform") command.Flags().BoolVar(&opts.ForceHttpBasicAuth, "force-http-basic-auth", false, "whether to force use of basic auth when connecting repository via HTTP") } diff --git a/cmpserver/apiclient/plugin.pb.go b/cmpserver/apiclient/plugin.pb.go index 29ebca3ae3afc..b6fb8fca109b9 100644 --- a/cmpserver/apiclient/plugin.pb.go +++ b/cmpserver/apiclient/plugin.pb.go @@ -11,6 +11,7 @@ import ( grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" + emptypb "google.golang.org/protobuf/types/known/emptypb" io "io" math "math" math_bits "math/bits" @@ -467,6 +468,54 @@ func (m *File) GetChunk() []byte { return nil } +// CheckPluginConfigurationResponse contains a list of plugin configuration flags. +type CheckPluginConfigurationResponse struct { + IsDiscoveryConfigured bool `protobuf:"varint,1,opt,name=isDiscoveryConfigured,proto3" json:"isDiscoveryConfigured,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *CheckPluginConfigurationResponse) Reset() { *m = CheckPluginConfigurationResponse{} } +func (m *CheckPluginConfigurationResponse) String() string { return proto.CompactTextString(m) } +func (*CheckPluginConfigurationResponse) ProtoMessage() {} +func (*CheckPluginConfigurationResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_b21875a7079a06ed, []int{7} +} +func (m *CheckPluginConfigurationResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CheckPluginConfigurationResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_CheckPluginConfigurationResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *CheckPluginConfigurationResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_CheckPluginConfigurationResponse.Merge(m, src) +} +func (m *CheckPluginConfigurationResponse) XXX_Size() int { + return m.Size() +} +func (m *CheckPluginConfigurationResponse) XXX_DiscardUnknown() { + xxx_messageInfo_CheckPluginConfigurationResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_CheckPluginConfigurationResponse proto.InternalMessageInfo + +func (m *CheckPluginConfigurationResponse) GetIsDiscoveryConfigured() bool { + if m != nil { + return m.IsDiscoveryConfigured + } + return false +} + func init() { proto.RegisterType((*AppStreamRequest)(nil), "plugin.AppStreamRequest") proto.RegisterType((*ManifestRequestMetadata)(nil), "plugin.ManifestRequestMetadata") @@ -475,48 +524,54 @@ func init() { proto.RegisterType((*RepositoryResponse)(nil), "plugin.RepositoryResponse") proto.RegisterType((*ParametersAnnouncementResponse)(nil), "plugin.ParametersAnnouncementResponse") proto.RegisterType((*File)(nil), "plugin.File") + proto.RegisterType((*CheckPluginConfigurationResponse)(nil), "plugin.CheckPluginConfigurationResponse") } func init() { proto.RegisterFile("cmpserver/plugin/plugin.proto", fileDescriptor_b21875a7079a06ed) } var fileDescriptor_b21875a7079a06ed = []byte{ - // 576 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x94, 0xdd, 0x6e, 0x12, 0x4f, - 0x14, 0xc0, 0xbb, 0x85, 0xb6, 0x70, 0x68, 0xf2, 0x27, 0x93, 0x7f, 0x74, 0x25, 0x2d, 0xe2, 0x5e, - 0x18, 0x6e, 0x84, 0x04, 0xbd, 0x35, 0xb1, 0x55, 0x6c, 0xa3, 0xc1, 0x90, 0xa9, 0x37, 0x7a, 0x37, - 0x1d, 0x0e, 0x30, 0x76, 0x77, 0x66, 0x9c, 0x99, 0xdd, 0x04, 0xbd, 0xf1, 0x3d, 0x7c, 0x00, 0x5f, - 0xc5, 0x4b, 0x1f, 0xc1, 0xf4, 0x49, 0x0c, 0xb3, 0xbb, 0x40, 0x6c, 0x8b, 0x57, 0x7b, 0x3e, 0x7f, - 0x7b, 0xbe, 0x32, 0x70, 0xcc, 0x13, 0x6d, 0xd1, 0x64, 0x68, 0xfa, 0x3a, 0x4e, 0x67, 0x42, 0x16, - 0x9f, 0x9e, 0x36, 0xca, 0x29, 0xb2, 0x9f, 0x6b, 0xad, 0xe1, 0x4c, 0xb8, 0x79, 0x7a, 0xd9, 0xe3, - 0x2a, 0xe9, 0x33, 0x33, 0x53, 0xda, 0xa8, 0x4f, 0x5e, 0x78, 0xc2, 0x27, 0xfd, 0x6c, 0xd0, 0x37, - 0xa8, 0x55, 0x81, 0xf1, 0xa2, 0x70, 0xca, 0x2c, 0x36, 0xc4, 0x1c, 0x17, 0x7d, 0x0b, 0xa0, 0x79, - 0xa2, 0xf5, 0x85, 0x33, 0xc8, 0x12, 0x8a, 0x9f, 0x53, 0xb4, 0x8e, 0x3c, 0x87, 0x5a, 0x82, 0x8e, - 0x4d, 0x98, 0x63, 0x61, 0xd0, 0x09, 0xba, 0x8d, 0xc1, 0xc3, 0x5e, 0x51, 0xc4, 0x88, 0x49, 0x31, - 0x45, 0xeb, 0x8a, 0xd0, 0x51, 0x11, 0x76, 0xbe, 0x43, 0x57, 0x29, 0x24, 0x82, 0xea, 0x54, 0xc4, - 0x18, 0xee, 0xfa, 0xd4, 0xc3, 0x32, 0xf5, 0xb5, 0x88, 0xf1, 0x7c, 0x87, 0x7a, 0xdf, 0x69, 0x1d, - 0x0e, 0x4c, 0x8e, 0x88, 0x7e, 0x04, 0x70, 0xff, 0x0e, 0x2c, 0x09, 0xe1, 0x80, 0x69, 0xfd, 0x8e, - 0x25, 0xe8, 0x0b, 0xa9, 0xd3, 0x52, 0x25, 0x6d, 0x00, 0xa6, 0x35, 0xc5, 0x78, 0xcc, 0xdc, 0xdc, - 0xff, 0xaa, 0x4e, 0x37, 0x2c, 0xa4, 0x05, 0x35, 0x3e, 0x47, 0x7e, 0x65, 0xd3, 0x24, 0xac, 0x78, - 0xef, 0x4a, 0x27, 0x04, 0xaa, 0x56, 0x7c, 0xc1, 0xb0, 0xda, 0x09, 0xba, 0x15, 0xea, 0x65, 0x12, - 0x41, 0x05, 0x65, 0x16, 0xee, 0x75, 0x2a, 0xdd, 0xc6, 0xa0, 0x59, 0xd6, 0x3c, 0x94, 0xd9, 0x50, - 0x3a, 0xb3, 0xa0, 0x4b, 0x67, 0xf4, 0x0c, 0x6a, 0xa5, 0x61, 0xc9, 0x90, 0xeb, 0xb2, 0xbc, 0x4c, - 0xfe, 0x87, 0xbd, 0x8c, 0xc5, 0x29, 0x16, 0xe5, 0xe4, 0x4a, 0x34, 0x86, 0xe6, 0xba, 0x3d, 0xab, - 0x95, 0xb4, 0x48, 0x8e, 0xa0, 0x9e, 0x14, 0x36, 0x1b, 0x06, 0x9d, 0x4a, 0xb7, 0x4e, 0xd7, 0x86, - 0x65, 0x6f, 0x56, 0xa5, 0x86, 0xe3, 0xfb, 0x85, 0x2e, 0x61, 0x1b, 0x96, 0x68, 0x0a, 0x84, 0xae, - 0x16, 0xb9, 0x62, 0x76, 0xa0, 0x21, 0xec, 0x45, 0xaa, 0xb5, 0x32, 0x0e, 0x27, 0xbe, 0xb0, 0x1a, - 0xdd, 0x34, 0x91, 0x1e, 0x10, 0x61, 0x5f, 0x09, 0xcb, 0x55, 0x86, 0x66, 0x31, 0x94, 0xec, 0x32, - 0xc6, 0x89, 0xe7, 0xd7, 0xe8, 0x2d, 0x9e, 0xe8, 0x2b, 0xb4, 0xc7, 0xcc, 0xb0, 0x04, 0x1d, 0x1a, - 0x7b, 0x22, 0xa5, 0x4a, 0x25, 0xc7, 0x04, 0xe5, 0xba, 0x8f, 0x0f, 0x70, 0x4f, 0x97, 0x11, 0x9b, - 0x01, 0x79, 0x53, 0x8d, 0xc1, 0xa3, 0xde, 0xc6, 0xc5, 0x8d, 0x6f, 0x8b, 0xa4, 0x77, 0x00, 0xa2, - 0x23, 0xa8, 0x2e, 0x2f, 0x66, 0x39, 0x54, 0x3e, 0x4f, 0xe5, 0x95, 0x6f, 0xe8, 0x90, 0xe6, 0xca, - 0xe0, 0xfb, 0x2e, 0x1c, 0xbf, 0x54, 0x72, 0x2a, 0x66, 0x23, 0x26, 0xd9, 0xcc, 0xe7, 0x8c, 0xfd, - 0xce, 0x2e, 0xd0, 0x64, 0x82, 0x23, 0x79, 0x03, 0xcd, 0x33, 0x94, 0x68, 0x98, 0xc3, 0x72, 0xfc, - 0x24, 0x2c, 0xf7, 0xfa, 0xf7, 0xc9, 0xb7, 0xc2, 0x9b, 0x07, 0x9e, 0xb7, 0x18, 0xed, 0x74, 0x03, - 0xf2, 0x16, 0xfe, 0x1b, 0x31, 0xc7, 0xe7, 0xeb, 0xa9, 0x6f, 0x41, 0xb5, 0x4a, 0xcf, 0xcd, 0x1d, - 0x79, 0x18, 0x83, 0x07, 0x67, 0xe8, 0x6e, 0x1f, 0xec, 0x16, 0xec, 0xe3, 0xd2, 0xb3, 0x7d, 0x25, - 0xcb, 0x5f, 0x9c, 0xbe, 0xf8, 0x79, 0xdd, 0x0e, 0x7e, 0x5d, 0xb7, 0x83, 0xdf, 0xd7, 0xed, 0xe0, - 0xe3, 0xe0, 0x1f, 0x4f, 0xc5, 0xfa, 0xc1, 0x61, 0x5a, 0xf0, 0x58, 0xa0, 0x74, 0x97, 0xfb, 0xfe, - 0x79, 0x78, 0xfa, 0x27, 0x00, 0x00, 0xff, 0xff, 0x23, 0x88, 0x8e, 0xd3, 0x8e, 0x04, 0x00, 0x00, + // 650 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xc1, 0x6e, 0xd3, 0x4c, + 0x10, 0x8e, 0x9b, 0xb4, 0x4d, 0x26, 0x95, 0xfe, 0x68, 0xf5, 0x53, 0x4c, 0x68, 0x43, 0xf0, 0x01, + 0xe5, 0x82, 0x23, 0x85, 0x5e, 0x91, 0x68, 0x4b, 0x68, 0x05, 0x0a, 0x8a, 0xb6, 0x1c, 0x80, 0x03, + 0xd2, 0xc6, 0x99, 0x24, 0x4b, 0xed, 0xdd, 0x65, 0xbd, 0x8e, 0x14, 0xb8, 0xf0, 0x36, 0xbc, 0x0a, + 0x47, 0x1e, 0x01, 0xf5, 0x35, 0xb8, 0x20, 0xaf, 0xed, 0x24, 0xa2, 0x69, 0x7b, 0xf2, 0xcc, 0x7c, + 0xb3, 0xdf, 0x7e, 0xb3, 0x33, 0x63, 0x38, 0x0c, 0x22, 0x15, 0xa3, 0x9e, 0xa3, 0xee, 0xaa, 0x30, + 0x99, 0x72, 0x91, 0x7f, 0x7c, 0xa5, 0xa5, 0x91, 0x64, 0x27, 0xf3, 0x9a, 0xfd, 0x29, 0x37, 0xb3, + 0x64, 0xe4, 0x07, 0x32, 0xea, 0x32, 0x3d, 0x95, 0x4a, 0xcb, 0xcf, 0xd6, 0x78, 0x1a, 0x8c, 0xbb, + 0xf3, 0x5e, 0x57, 0xa3, 0x92, 0x39, 0x8d, 0x35, 0xb9, 0x91, 0x7a, 0xb1, 0x66, 0x66, 0x74, 0xcd, + 0x87, 0x53, 0x29, 0xa7, 0x21, 0x76, 0xad, 0x37, 0x4a, 0x26, 0x5d, 0x8c, 0x94, 0xc9, 0x41, 0xef, + 0xbb, 0x03, 0x8d, 0x63, 0xa5, 0x2e, 0x8c, 0x46, 0x16, 0x51, 0xfc, 0x92, 0x60, 0x6c, 0xc8, 0x73, + 0xa8, 0x46, 0x68, 0xd8, 0x98, 0x19, 0xe6, 0x3a, 0x6d, 0xa7, 0x53, 0xef, 0x3d, 0xf2, 0x73, 0x85, + 0x03, 0x26, 0xf8, 0x04, 0x63, 0x93, 0xa7, 0x0e, 0xf2, 0xb4, 0xf3, 0x12, 0x5d, 0x1e, 0x21, 0x1e, + 0x54, 0x26, 0x3c, 0x44, 0x77, 0xcb, 0x1e, 0xdd, 0x2b, 0x8e, 0xbe, 0xe2, 0x21, 0x9e, 0x97, 0xa8, + 0xc5, 0x4e, 0x6a, 0xb0, 0xab, 0x33, 0x0a, 0xef, 0x87, 0x03, 0xf7, 0x6f, 0xa0, 0x25, 0x2e, 0xec, + 0x32, 0xa5, 0xde, 0xb2, 0x08, 0xad, 0x90, 0x1a, 0x2d, 0x5c, 0xd2, 0x02, 0x60, 0x4a, 0x51, 0x0c, + 0x87, 0xcc, 0xcc, 0xec, 0x55, 0x35, 0xba, 0x16, 0x21, 0x4d, 0xa8, 0x06, 0x33, 0x0c, 0x2e, 0xe3, + 0x24, 0x72, 0xcb, 0x16, 0x5d, 0xfa, 0x84, 0x40, 0x25, 0xe6, 0x5f, 0xd1, 0xad, 0xb4, 0x9d, 0x4e, + 0x99, 0x5a, 0x9b, 0x78, 0x50, 0x46, 0x31, 0x77, 0xb7, 0xdb, 0xe5, 0x4e, 0xbd, 0xd7, 0x28, 0x34, + 0xf7, 0xc5, 0xbc, 0x2f, 0x8c, 0x5e, 0xd0, 0x14, 0xf4, 0x8e, 0xa0, 0x5a, 0x04, 0x52, 0x0e, 0xb1, + 0x92, 0x65, 0x6d, 0xf2, 0x3f, 0x6c, 0xcf, 0x59, 0x98, 0x60, 0x2e, 0x27, 0x73, 0xbc, 0x21, 0x34, + 0x56, 0xe5, 0xc5, 0x4a, 0x8a, 0x18, 0xc9, 0x01, 0xd4, 0xa2, 0x3c, 0x16, 0xbb, 0x4e, 0xbb, 0xdc, + 0xa9, 0xd1, 0x55, 0x20, 0xad, 0x2d, 0x96, 0x89, 0x0e, 0xf0, 0xdd, 0x42, 0x15, 0x64, 0x6b, 0x11, + 0x6f, 0x02, 0x84, 0x2e, 0xbb, 0xbc, 0xe4, 0x6c, 0x43, 0x9d, 0xc7, 0x17, 0x89, 0x52, 0x52, 0x1b, + 0x1c, 0x5b, 0x61, 0x55, 0xba, 0x1e, 0x22, 0x3e, 0x10, 0x1e, 0xbf, 0xe4, 0x71, 0x20, 0xe7, 0xa8, + 0x17, 0x7d, 0xc1, 0x46, 0x21, 0x8e, 0x2d, 0x7f, 0x95, 0x6e, 0x40, 0xbc, 0x6f, 0xd0, 0x1a, 0x32, + 0xcd, 0x22, 0x34, 0xa8, 0xe3, 0x63, 0x21, 0x64, 0x22, 0x02, 0x8c, 0x50, 0xac, 0xea, 0xf8, 0x00, + 0xfb, 0xaa, 0xc8, 0x58, 0x4f, 0xc8, 0x8a, 0xaa, 0xf7, 0x1e, 0xfb, 0x6b, 0xe3, 0x38, 0xdc, 0x94, + 0x49, 0x6f, 0x20, 0xf0, 0x0e, 0xa0, 0x92, 0x4e, 0x4c, 0xfa, 0xa8, 0xc1, 0x2c, 0x11, 0x97, 0xb6, + 0xa0, 0x3d, 0x9a, 0x39, 0xde, 0x7b, 0x68, 0x9f, 0xa6, 0xed, 0x1c, 0xda, 0x3e, 0x9d, 0x4a, 0x31, + 0xe1, 0xd3, 0x44, 0x33, 0xc3, 0xa5, 0x58, 0x8a, 0x3b, 0x82, 0x7b, 0x6b, 0x45, 0x15, 0x39, 0xcb, + 0xa7, 0xd9, 0x0c, 0xf6, 0xfe, 0x6c, 0xc1, 0x61, 0xe6, 0x0e, 0x98, 0x60, 0x53, 0xab, 0x26, 0xbb, + 0xe5, 0x02, 0xf5, 0x9c, 0x07, 0x48, 0x5e, 0x43, 0xe3, 0x0c, 0x05, 0x6a, 0x66, 0xb0, 0x68, 0x2c, + 0x71, 0x8b, 0x89, 0xf9, 0x77, 0x99, 0x9a, 0xee, 0xf5, 0xd5, 0xc9, 0xf4, 0x79, 0xa5, 0x8e, 0x43, + 0x3e, 0x81, 0x7b, 0x53, 0x1d, 0x64, 0xdf, 0xcf, 0x36, 0xd7, 0x2f, 0x36, 0xd7, 0xef, 0xa7, 0x9b, + 0xdb, 0xec, 0x14, 0x8c, 0x77, 0xbd, 0x80, 0x57, 0x22, 0x6f, 0xe0, 0xbf, 0x01, 0x33, 0xc1, 0x6c, + 0x35, 0x2f, 0xb7, 0x48, 0x6d, 0x16, 0xc8, 0xf5, 0xe9, 0xb2, 0x62, 0x19, 0x3c, 0x38, 0x43, 0xb3, + 0x79, 0x24, 0x6e, 0xa1, 0x7d, 0x52, 0x20, 0xb7, 0x0f, 0x53, 0x7a, 0xc5, 0xc9, 0x8b, 0x9f, 0x57, + 0x2d, 0xe7, 0xd7, 0x55, 0xcb, 0xf9, 0x7d, 0xd5, 0x72, 0x3e, 0xf6, 0xee, 0xf8, 0x03, 0xae, 0xfe, + 0xa3, 0x4c, 0xf1, 0x20, 0xe4, 0x28, 0xcc, 0x68, 0xc7, 0xbe, 0xd6, 0xb3, 0xbf, 0x01, 0x00, 0x00, + 0xff, 0xff, 0xb5, 0x6b, 0xca, 0xa6, 0x65, 0x05, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -534,6 +589,9 @@ type ConfigManagementPluginServiceClient interface { // GenerateManifests receive a stream containing a tgz archive with all required files necessary // to generate manifests GenerateManifest(ctx context.Context, opts ...grpc.CallOption) (ConfigManagementPluginService_GenerateManifestClient, error) + // CheckPluginConfiguration is a pre-flight request to check the plugin configuration + // without sending the whole repo. + CheckPluginConfiguration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*CheckPluginConfigurationResponse, error) // MatchRepository returns whether or not the given application is supported by the plugin MatchRepository(ctx context.Context, opts ...grpc.CallOption) (ConfigManagementPluginService_MatchRepositoryClient, error) // GetParametersAnnouncement gets a list of parameter announcements for the given app @@ -582,6 +640,15 @@ func (x *configManagementPluginServiceGenerateManifestClient) CloseAndRecv() (*M return m, nil } +func (c *configManagementPluginServiceClient) CheckPluginConfiguration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*CheckPluginConfigurationResponse, error) { + out := new(CheckPluginConfigurationResponse) + err := c.cc.Invoke(ctx, "/plugin.ConfigManagementPluginService/CheckPluginConfiguration", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *configManagementPluginServiceClient) MatchRepository(ctx context.Context, opts ...grpc.CallOption) (ConfigManagementPluginService_MatchRepositoryClient, error) { stream, err := c.cc.NewStream(ctx, &_ConfigManagementPluginService_serviceDesc.Streams[1], "/plugin.ConfigManagementPluginService/MatchRepository", opts...) if err != nil { @@ -655,6 +722,9 @@ type ConfigManagementPluginServiceServer interface { // GenerateManifests receive a stream containing a tgz archive with all required files necessary // to generate manifests GenerateManifest(ConfigManagementPluginService_GenerateManifestServer) error + // CheckPluginConfiguration is a pre-flight request to check the plugin configuration + // without sending the whole repo. + CheckPluginConfiguration(context.Context, *emptypb.Empty) (*CheckPluginConfigurationResponse, error) // MatchRepository returns whether or not the given application is supported by the plugin MatchRepository(ConfigManagementPluginService_MatchRepositoryServer) error // GetParametersAnnouncement gets a list of parameter announcements for the given app @@ -668,6 +738,9 @@ type UnimplementedConfigManagementPluginServiceServer struct { func (*UnimplementedConfigManagementPluginServiceServer) GenerateManifest(srv ConfigManagementPluginService_GenerateManifestServer) error { return status.Errorf(codes.Unimplemented, "method GenerateManifest not implemented") } +func (*UnimplementedConfigManagementPluginServiceServer) CheckPluginConfiguration(ctx context.Context, req *emptypb.Empty) (*CheckPluginConfigurationResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CheckPluginConfiguration not implemented") +} func (*UnimplementedConfigManagementPluginServiceServer) MatchRepository(srv ConfigManagementPluginService_MatchRepositoryServer) error { return status.Errorf(codes.Unimplemented, "method MatchRepository not implemented") } @@ -705,6 +778,24 @@ func (x *configManagementPluginServiceGenerateManifestServer) Recv() (*AppStream return m, nil } +func _ConfigManagementPluginService_CheckPluginConfiguration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ConfigManagementPluginServiceServer).CheckPluginConfiguration(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/plugin.ConfigManagementPluginService/CheckPluginConfiguration", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ConfigManagementPluginServiceServer).CheckPluginConfiguration(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + func _ConfigManagementPluginService_MatchRepository_Handler(srv interface{}, stream grpc.ServerStream) error { return srv.(ConfigManagementPluginServiceServer).MatchRepository(&configManagementPluginServiceMatchRepositoryServer{stream}) } @@ -760,7 +851,12 @@ func (x *configManagementPluginServiceGetParametersAnnouncementServer) Recv() (* var _ConfigManagementPluginService_serviceDesc = grpc.ServiceDesc{ ServiceName: "plugin.ConfigManagementPluginService", HandlerType: (*ConfigManagementPluginServiceServer)(nil), - Methods: []grpc.MethodDesc{}, + Methods: []grpc.MethodDesc{ + { + MethodName: "CheckPluginConfiguration", + Handler: _ConfigManagementPluginService_CheckPluginConfiguration_Handler, + }, + }, Streams: []grpc.StreamDesc{ { StreamName: "GenerateManifest", @@ -1132,6 +1228,43 @@ func (m *File) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *CheckPluginConfigurationResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CheckPluginConfigurationResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CheckPluginConfigurationResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.IsDiscoveryConfigured { + i-- + if m.IsDiscoveryConfigured { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + func encodeVarintPlugin(dAtA []byte, offset int, v uint64) int { offset -= sovPlugin(v) base := offset @@ -1309,6 +1442,21 @@ func (m *File) Size() (n int) { return n } +func (m *CheckPluginConfigurationResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.IsDiscoveryConfigured { + n += 2 + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func sovPlugin(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -2127,6 +2275,77 @@ func (m *File) Unmarshal(dAtA []byte) error { } return nil } +func (m *CheckPluginConfigurationResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowPlugin + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CheckPluginConfigurationResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CheckPluginConfigurationResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field IsDiscoveryConfigured", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowPlugin + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.IsDiscoveryConfigured = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipPlugin(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthPlugin + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipPlugin(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/cmpserver/plugin/plugin.go b/cmpserver/plugin/plugin.go index bc710b779b6d5..ee00f66ad9ecf 100644 --- a/cmpserver/plugin/plugin.go +++ b/cmpserver/plugin/plugin.go @@ -9,18 +9,18 @@ import ( "os" "os/exec" "path/filepath" - "strconv" "strings" "time" - "unicode" "github.com/argoproj/pkg/rand" + "github.com/golang/protobuf/ptypes/empty" "github.com/argoproj/argo-cd/v2/cmpserver/apiclient" "github.com/argoproj/argo-cd/v2/common" repoclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/util/buffered_context" "github.com/argoproj/argo-cd/v2/util/cmp" + argoexec "github.com/argoproj/argo-cd/v2/util/exec" "github.com/argoproj/argo-cd/v2/util/io/files" "github.com/argoproj/gitops-engine/pkg/utils/kube" @@ -76,7 +76,7 @@ func runCommand(ctx context.Context, command Command, path string, env []string) } logCtx := log.WithFields(log.Fields{"execID": execId}) - argsToLog := getCommandArgsToLog(cmd) + argsToLog := argoexec.GetCommandArgsToLog(cmd) logCtx.WithFields(log.Fields{"dir": cmd.Dir}).Info(argsToLog) var stdout bytes.Buffer @@ -135,28 +135,6 @@ func runCommand(ctx context.Context, command Command, path string, env []string) return strings.TrimSuffix(output, "\n"), nil } -// getCommandArgsToLog represents the given command in a way that we can copy-and-paste into a terminal -func getCommandArgsToLog(cmd *exec.Cmd) string { - var argsToLog []string - for _, arg := range cmd.Args { - containsSpace := false - for _, r := range arg { - if unicode.IsSpace(r) { - containsSpace = true - break - } - } - if containsSpace { - // add quotes and escape any internal quotes - argsToLog = append(argsToLog, strconv.Quote(arg)) - } else { - argsToLog = append(argsToLog, arg) - } - } - args := strings.Join(argsToLog, " ") - return args -} - type CmdError struct { Args string Stderr string @@ -446,3 +424,15 @@ func getParametersAnnouncement(ctx context.Context, appDir string, announcements } return repoResponse, nil } + +func (s *Service) CheckPluginConfiguration(ctx context.Context, _ *empty.Empty) (*apiclient.CheckPluginConfigurationResponse, error) { + isDiscoveryConfigured := s.isDiscoveryConfigured() + response := &apiclient.CheckPluginConfigurationResponse{IsDiscoveryConfigured: isDiscoveryConfigured} + + return response, nil +} + +func (s *Service) isDiscoveryConfigured() (isDiscoveryConfigured bool) { + config := s.initConstants.PluginConfig + return config.Spec.Discover.FileName != "" || config.Spec.Discover.Find.Glob != "" || len(config.Spec.Discover.Find.Command.Command) > 0 +} diff --git a/cmpserver/plugin/plugin.proto b/cmpserver/plugin/plugin.proto index 16d4268d5939f..6f5b0d0cbf7b6 100644 --- a/cmpserver/plugin/plugin.proto +++ b/cmpserver/plugin/plugin.proto @@ -4,6 +4,7 @@ option go_package = "github.com/argoproj/argo-cd/v2/cmpserver/apiclient"; package plugin; import "github.com/argoproj/argo-cd/v2/reposerver/repository/repository.proto"; +import "google/protobuf/empty.proto"; // AppStreamRequest is the request object used to send the application's // files over a stream. @@ -57,6 +58,11 @@ message File { bytes chunk = 1; } +// CheckPluginConfigurationResponse contains a list of plugin configuration flags. +message CheckPluginConfigurationResponse { + bool isDiscoveryConfigured = 1; +} + // ConfigManagementPlugin Service service ConfigManagementPluginService { // GenerateManifests receive a stream containing a tgz archive with all required files necessary @@ -64,6 +70,11 @@ service ConfigManagementPluginService { rpc GenerateManifest(stream AppStreamRequest) returns (ManifestResponse) { } + // CheckPluginConfiguration is a pre-flight request to check the plugin configuration + // without sending the whole repo. + rpc CheckPluginConfiguration(google.protobuf.Empty) returns (CheckPluginConfigurationResponse) { + } + // MatchRepository returns whether or not the given application is supported by the plugin rpc MatchRepository(stream AppStreamRequest) returns (RepositoryResponse) { } diff --git a/cmpserver/plugin/plugin_test.go b/cmpserver/plugin/plugin_test.go index c5f431a8fad42..05001c31b3837 100644 --- a/cmpserver/plugin/plugin_test.go +++ b/cmpserver/plugin/plugin_test.go @@ -6,12 +6,12 @@ import ( "fmt" "io" "os" - "os/exec" "path" "path/filepath" "testing" "time" + "github.com/golang/protobuf/ptypes/empty" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "google.golang.org/grpc/metadata" @@ -532,6 +532,76 @@ func TestEnviron(t *testing.T) { }) } +func TestIsDiscoveryConfigured(t *testing.T) { + type fixture struct { + service *Service + } + setup := func(t *testing.T, opts ...pluginOpt) *fixture { + t.Helper() + cic := buildPluginConfig(opts...) + s := NewService(*cic) + return &fixture{ + service: s, + } + } + t.Run("discovery is enabled when is configured by FileName", func(t *testing.T) { + // given + d := Discover{ + FileName: "kustomization.yaml", + } + f := setup(t, withDiscover(d)) + + // when + isDiscoveryConfigured := f.service.isDiscoveryConfigured() + + // then + assert.True(t, isDiscoveryConfigured) + }) + t.Run("discovery is enabled when is configured by Glob", func(t *testing.T) { + // given + d := Discover{ + Find: Find{ + Glob: "**/*/plugin.yaml", + }, + } + f := setup(t, withDiscover(d)) + + // when + isDiscoveryConfigured := f.service.isDiscoveryConfigured() + + // then + assert.True(t, isDiscoveryConfigured) + }) + t.Run("discovery is enabled when is configured by Command", func(t *testing.T) { + // given + d := Discover{ + Find: Find{ + Command: Command{ + Command: []string{"echo", "test"}, + }, + }, + } + f := setup(t, withDiscover(d)) + + // when + isDiscoveryConfigured := f.service.isDiscoveryConfigured() + + // then + assert.True(t, isDiscoveryConfigured) + }) + t.Run("discovery is disabled when discover is not configured", func(t *testing.T) { + // given + d := Discover{} + f := setup(t, withDiscover(d)) + + // when + isDiscoveryConfigured := f.service.isDiscoveryConfigured() + + // then + assert.False(t, isDiscoveryConfigured) + }) +} + type MockGenerateManifestStream struct { metadataSent bool fileSent bool @@ -779,29 +849,43 @@ func TestService_GetParametersAnnouncement(t *testing.T) { }) } -func Test_getCommandArgsToLog(t *testing.T) { - testCases := []struct { - name string - args []string - expected string - }{ - { - name: "no spaces", - args: []string{"sh", "-c", "cat"}, - expected: "sh -c cat", - }, - { - name: "spaces", - args: []string{"sh", "-c", `echo "hello world"`}, - expected: `sh -c "echo \"hello world\""`, - }, +func TestService_CheckPluginConfiguration(t *testing.T) { + type fixture struct { + service *Service } - - for _, tc := range testCases { - tcc := tc - t.Run(tcc.name, func(t *testing.T) { - t.Parallel() - assert.Equal(t, tcc.expected, getCommandArgsToLog(exec.Command(tcc.args[0], tcc.args[1:]...))) - }) + setup := func(t *testing.T, opts ...pluginOpt) *fixture { + t.Helper() + cic := buildPluginConfig(opts...) + s := NewService(*cic) + return &fixture{ + service: s, + } } + t.Run("discovery is enabled when is configured", func(t *testing.T) { + // given + d := Discover{ + FileName: "kustomization.yaml", + } + f := setup(t, withDiscover(d)) + + // when + resp, err := f.service.CheckPluginConfiguration(context.Background(), &empty.Empty{}) + + // then + require.NoError(t, err) + assert.True(t, resp.IsDiscoveryConfigured) + }) + + t.Run("discovery is disabled when is not configured", func(t *testing.T) { + // given + d := Discover{} + f := setup(t, withDiscover(d)) + + // when + resp, err := f.service.CheckPluginConfiguration(context.Background(), &empty.Empty{}) + + // then + require.NoError(t, err) + assert.False(t, resp.IsDiscoveryConfigured) + }) } diff --git a/common/common.go b/common/common.go index d3b43828fe761..d09842f656271 100644 --- a/common/common.go +++ b/common/common.go @@ -1,15 +1,20 @@ package common import ( - "errors" + "context" + "fmt" "os" "path/filepath" "strconv" "time" + "github.com/pkg/errors" + "github.com/redis/go-redis/v9" "github.com/sirupsen/logrus" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" ) // Component names @@ -42,6 +47,7 @@ const ( ArgoCDGPGKeysConfigMapName = "argocd-gpg-keys-cm" // ArgoCDAppControllerShardConfigMapName contains the application controller to shard mapping ArgoCDAppControllerShardConfigMapName = "argocd-app-controller-shard-cm" + ArgoCDCmdParamsConfigMapName = "argocd-cmd-params-cm" ) // Some default configurables @@ -182,6 +188,7 @@ const ( // AnnotationKeyAppInstance is the Argo CD application name is used as the instance name AnnotationKeyAppInstance = "argocd.argoproj.io/tracking-id" + AnnotationInstallationID = "argocd.argoproj.io/installation-id" // AnnotationCompareOptions is a comma-separated list of options for comparison AnnotationCompareOptions = "argocd.argoproj.io/compare-options" @@ -236,7 +243,7 @@ const ( EnvGitRetryMaxDuration = "ARGOCD_GIT_RETRY_MAX_DURATION" // EnvGitRetryDuration specifies duration of git remote operation retry EnvGitRetryDuration = "ARGOCD_GIT_RETRY_DURATION" - // EnvGitRetryFactor specifies fator of git remote operation retry + // EnvGitRetryFactor specifies factor of git remote operation retry EnvGitRetryFactor = "ARGOCD_GIT_RETRY_FACTOR" // EnvGitSubmoduleEnabled overrides git submodule support, true by default EnvGitSubmoduleEnabled = "ARGOCD_GIT_MODULES_ENABLED" @@ -435,6 +442,33 @@ var TokenVerificationErr = errors.New(TokenVerificationError) var PermissionDeniedAPIError = status.Error(codes.PermissionDenied, "permission denied") +// Redis password consts +const ( + DefaultRedisInitialPasswordSecretName = "argocd-redis" + DefaultRedisInitialPasswordKey = "auth" +) + +/* +SetOptionalRedisPasswordFromKubeConfig sets the optional Redis password if it exists in the k8s namespace's secrets. + +We specify kubeClient as kubernetes.Interface to allow for mocking in tests, but this should be treated as a kubernetes.Clientset param. +*/ +func SetOptionalRedisPasswordFromKubeConfig(ctx context.Context, kubeClient kubernetes.Interface, namespace string, redisOptions *redis.Options) error { + secret, err := kubeClient.CoreV1().Secrets(namespace).Get(ctx, DefaultRedisInitialPasswordSecretName, v1.GetOptions{}) + if err != nil { + return fmt.Errorf("failed to get secret %s/%s: %w", namespace, DefaultRedisInitialPasswordSecretName, err) + } + if secret == nil { + return fmt.Errorf("failed to get secret %s/%s: secret is nil", namespace, DefaultRedisInitialPasswordSecretName) + } + _, ok := secret.Data[DefaultRedisInitialPasswordKey] + if !ok { + return fmt.Errorf("secret %s/%s does not contain key %s", namespace, DefaultRedisInitialPasswordSecretName, DefaultRedisInitialPasswordKey) + } + redisOptions.Password = string(secret.Data[DefaultRedisInitialPasswordKey]) + return nil +} + // CF Event reporter constants const ( EventReporterLegacyShardingAlgorithm = "legacy" diff --git a/common/common_test.go b/common/common_test.go index 5632c1e7a78cc..1021a30a14f60 100644 --- a/common/common_test.go +++ b/common/common_test.go @@ -1,12 +1,18 @@ package common import ( + "context" "fmt" "os" "testing" "time" + "github.com/redis/go-redis/v9" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kubefake "k8s.io/client-go/kubernetes/fake" ) // Test env var not set for EnvGRPCKeepAliveMin @@ -44,3 +50,63 @@ func Test_GRPCKeepAliveMinIncorrectlySet(t *testing.T) { grpcKeepAliveTime := GetGRPCKeepAliveTime() assert.Equal(t, 2*grpcKeepAliveExpectedMin, grpcKeepAliveTime) } + +func TestSetOptionalRedisPasswordFromKubeConfig(t *testing.T) { + t.Parallel() + testCases := []struct { + name, namespace, expectedPassword, expectedErr string + secret *corev1.Secret + }{ + { + name: "Secret exists with correct key", + namespace: "default", + expectedPassword: "password123", + expectedErr: "", + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{Name: DefaultRedisInitialPasswordSecretName}, + Data: map[string][]byte{DefaultRedisInitialPasswordKey: []byte("password123")}, + }, + }, + { + name: "Secret does not exist", + namespace: "default", + expectedPassword: "", + expectedErr: fmt.Sprintf("failed to get secret default/%s", DefaultRedisInitialPasswordSecretName), + secret: nil, + }, + { + name: "Secret exists without correct key", + namespace: "default", + expectedPassword: "", + expectedErr: fmt.Sprintf("secret default/%s does not contain key %s", DefaultRedisInitialPasswordSecretName, DefaultRedisInitialPasswordKey), + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{Name: DefaultRedisInitialPasswordSecretName}, + Data: map[string][]byte{}, + }, + }, + } + for _, tc := range testCases { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + var ( + ctx = context.TODO() + kubeClient = kubefake.NewSimpleClientset() + redisOptions = &redis.Options{} + ) + if tc.secret != nil { + if _, err := kubeClient.CoreV1().Secrets(tc.namespace).Create(ctx, tc.secret, metav1.CreateOptions{}); err != nil { + t.Fatalf("Failed to create secret: %v", err) + } + } + err := SetOptionalRedisPasswordFromKubeConfig(ctx, kubeClient, tc.namespace, redisOptions) + if tc.expectedErr != "" { + require.Error(t, err) + require.Contains(t, err.Error(), tc.expectedErr) + } else { + require.NoError(t, err) + } + require.Equal(t, tc.expectedPassword, redisOptions.Password) + }) + } +} diff --git a/controller/appcontroller.go b/controller/appcontroller.go index bf0cae397ccb7..f36366e56ed44 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -56,6 +56,7 @@ import ( argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff" "github.com/argoproj/argo-cd/v2/util/argo/normalizers" "github.com/argoproj/argo-cd/v2/util/env" + "github.com/argoproj/argo-cd/v2/util/stats" kubeerrors "k8s.io/apimachinery/pkg/api/errors" @@ -115,11 +116,11 @@ type ApplicationController struct { applicationClientset appclientset.Interface auditLogger *argo.AuditLogger // queue contains app namespace/name - appRefreshQueue workqueue.RateLimitingInterface + appRefreshQueue workqueue.TypedRateLimitingInterface[string] // queue contains app namespace/name/comparisonType and used to request app refresh with the predefined comparison type - appComparisonTypeRefreshQueue workqueue.RateLimitingInterface - appOperationQueue workqueue.RateLimitingInterface - projectRefreshQueue workqueue.RateLimitingInterface + appComparisonTypeRefreshQueue workqueue.TypedRateLimitingInterface[string] + appOperationQueue workqueue.TypedRateLimitingInterface[string] + projectRefreshQueue workqueue.TypedRateLimitingInterface[string] appInformer cache.SharedIndexInformer appLister applisters.ApplicationLister projInformer cache.SharedIndexInformer @@ -129,6 +130,7 @@ type ApplicationController struct { statusHardRefreshTimeout time.Duration statusRefreshJitter time.Duration selfHealTimeout time.Duration + selfHealBackOff *wait.Backoff repoClientset apiclient.Clientset db db.ArgoDB settingsMgr *settings_util.SettingsManager @@ -159,10 +161,12 @@ func NewApplicationController( appHardResyncPeriod time.Duration, appResyncJitter time.Duration, selfHealTimeout time.Duration, + selfHealBackoff *wait.Backoff, repoErrorGracePeriod time.Duration, metricsPort int, metricsCacheExpiration time.Duration, metricsApplicationLabels []string, + metricsApplicationConditions []string, kubectlParallelismLimit int64, persistResourceHealth bool, clusterSharding sharding.ClusterShardingCache, @@ -171,6 +175,7 @@ func NewApplicationController( serverSideDiff bool, dynamicClusterDistributionEnabled bool, ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts, + enableK8sEvent []string, ) (*ApplicationController, error) { log.Infof("appResyncPeriod=%v, appHardResyncPeriod=%v, appResyncJitter=%v", appResyncPeriod, appHardResyncPeriod, appResyncJitter) db := db.NewDB(namespace, settingsMgr, kubeClientset) @@ -185,19 +190,20 @@ func NewApplicationController( kubectl: kubectl, applicationClientset: applicationClientset, repoClientset: repoClientset, - appRefreshQueue: workqueue.NewNamedRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), "app_reconciliation_queue"), - appOperationQueue: workqueue.NewNamedRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), "app_operation_processing_queue"), - projectRefreshQueue: workqueue.NewNamedRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), "project_reconciliation_queue"), - appComparisonTypeRefreshQueue: workqueue.NewRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig)), + appRefreshQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "app_reconciliation_queue"}), + appOperationQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "app_operation_processing_queue"}), + projectRefreshQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "project_reconciliation_queue"}), + appComparisonTypeRefreshQueue: workqueue.NewTypedRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig)), db: db, statusRefreshTimeout: appResyncPeriod, statusHardRefreshTimeout: appHardResyncPeriod, statusRefreshJitter: appResyncJitter, refreshRequestedApps: make(map[string]CompareWith), refreshRequestedAppsMutex: &sync.Mutex{}, - auditLogger: argo.NewAuditLogger(namespace, kubeClientset, common.ApplicationController), + auditLogger: argo.NewAuditLogger(namespace, kubeClientset, common.ApplicationController, enableK8sEvent), settingsMgr: settingsMgr, selfHealTimeout: selfHealTimeout, + selfHealBackOff: selfHealBackoff, clusterSharding: clusterSharding, projByNameCache: sync.Map{}, applicationNamespaces: applicationNamespaces, @@ -278,7 +284,7 @@ func NewApplicationController( metricsAddr := fmt.Sprintf("0.0.0.0:%d", metricsPort) - ctrl.metricsServer, err = metrics.NewMetricsServer(metricsAddr, appLister, ctrl.canProcessApp, readinessHealthCheck, metricsApplicationLabels) + ctrl.metricsServer, err = metrics.NewMetricsServer(metricsAddr, appLister, ctrl.canProcessApp, readinessHealthCheck, metricsApplicationLabels, metricsApplicationConditions) if err != nil { return nil, err } @@ -453,19 +459,32 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b // setAppManagedResources will build a list of ResourceDiff based on the provided comparisonResult // and persist app resources related data in the cache. Will return the persisted ApplicationTree. func (ctrl *ApplicationController) setAppManagedResources(a *appv1.Application, comparisonResult *comparisonResult) (*appv1.ApplicationTree, error) { + ts := stats.NewTimingStats() + defer func() { + logCtx := getAppLog(a) + for k, v := range ts.Timings() { + logCtx = logCtx.WithField(k, v.Milliseconds()) + } + logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) + logCtx.Debug("Finished setting app managed resources") + }() managedResources, err := ctrl.hideSecretData(a, comparisonResult) + ts.AddCheckpoint("hide_secret_data_ms") if err != nil { return nil, fmt.Errorf("error getting managed resources: %w", err) } tree, err := ctrl.getResourceTree(a, managedResources) + ts.AddCheckpoint("get_resource_tree_ms") if err != nil { return nil, fmt.Errorf("error getting resource tree: %w", err) } err = ctrl.cache.SetAppResourcesTree(a.InstanceName(ctrl.namespace), tree) + ts.AddCheckpoint("set_app_resources_tree_ms") if err != nil { return nil, fmt.Errorf("error setting app resource tree: %w", err) } err = ctrl.cache.SetAppManagedResources(a.InstanceName(ctrl.namespace), managedResources) + ts.AddCheckpoint("set_app_managed_resources_ms") if err != nil { return nil, fmt.Errorf("error setting app managed resources: %w", err) } @@ -497,8 +516,18 @@ func isKnownOrphanedResourceExclusion(key kube.ResourceKey, proj *appv1.AppProje } func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managedResources []*appv1.ResourceDiff) (*appv1.ApplicationTree, error) { + ts := stats.NewTimingStats() + defer func() { + logCtx := getAppLog(a) + for k, v := range ts.Timings() { + logCtx = logCtx.WithField(k, v.Milliseconds()) + } + logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) + logCtx.Debug("Finished getting resource tree") + }() nodes := make([]appv1.ResourceNode, 0) proj, err := ctrl.getAppProj(a) + ts.AddCheckpoint("get_app_proj_ms") if err != nil { return nil, fmt.Errorf("failed to get project: %w", err) } @@ -512,6 +541,8 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed } warnOrphaned = proj.Spec.OrphanedResources.IsWarn() } + ts.AddCheckpoint("get_orphaned_resources_ms") + managedResourcesKeys := make([]kube.ResourceKey, 0) for i := range managedResources { managedResource := managedResources[i] delete(orphanedNodesMap, kube.NewResourceKey(managedResource.Group, managedResource.Kind, managedResource.Namespace, managedResource.Name)) @@ -546,56 +577,61 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed nodes = append(nodes, newNode) } else { - err := ctrl.stateCache.IterateHierarchy(a.Spec.Destination.Server, kube.GetResourceKey(live), func(child appv1.ResourceNode, appName string) bool { - permitted, _ := proj.IsResourcePermitted(schema.GroupKind{Group: child.ResourceRef.Group, Kind: child.ResourceRef.Kind}, child.Namespace, a.Spec.Destination, func(project string) ([]*appv1.Cluster, error) { - clusters, err := ctrl.db.GetProjectClusters(context.TODO(), project) - if err != nil { - return nil, fmt.Errorf("failed to get project clusters: %w", err) - } - return clusters, nil - }) - if !permitted { - return false - } - nodes = append(nodes, child) - return true - }) + managedResourcesKeys = append(managedResourcesKeys, kube.GetResourceKey(live)) + } + } + err = ctrl.stateCache.IterateHierarchyV2(a.Spec.Destination.Server, managedResourcesKeys, func(child appv1.ResourceNode, appName string) bool { + permitted, _ := proj.IsResourcePermitted(schema.GroupKind{Group: child.ResourceRef.Group, Kind: child.ResourceRef.Kind}, child.Namespace, a.Spec.Destination, func(project string) ([]*appv1.Cluster, error) { + clusters, err := ctrl.db.GetProjectClusters(context.TODO(), project) if err != nil { - return nil, fmt.Errorf("failed to iterate resource hierarchy: %w", err) + return nil, fmt.Errorf("failed to get project clusters: %w", err) } + return clusters, nil + }) + if !permitted { + return false } + nodes = append(nodes, child) + return true + }) + if err != nil { + return nil, fmt.Errorf("failed to iterate resource hierarchy v2: %w", err) } + ts.AddCheckpoint("process_managed_resources_ms") orphanedNodes := make([]appv1.ResourceNode, 0) + orphanedNodesKeys := make([]kube.ResourceKey, 0) for k := range orphanedNodesMap { if k.Namespace != "" && proj.IsGroupKindPermitted(k.GroupKind(), true) && !isKnownOrphanedResourceExclusion(k, proj) { - err := ctrl.stateCache.IterateHierarchy(a.Spec.Destination.Server, k, func(child appv1.ResourceNode, appName string) bool { - belongToAnotherApp := false - if appName != "" { - appKey := ctrl.toAppKey(appName) - if _, exists, err := ctrl.appInformer.GetIndexer().GetByKey(appKey); exists && err == nil { - belongToAnotherApp = true - } - } + orphanedNodesKeys = append(orphanedNodesKeys, k) + } + } + err = ctrl.stateCache.IterateHierarchyV2(a.Spec.Destination.Server, orphanedNodesKeys, func(child appv1.ResourceNode, appName string) bool { + belongToAnotherApp := false + if appName != "" { + appKey := ctrl.toAppKey(appName) + if _, exists, err := ctrl.appInformer.GetIndexer().GetByKey(appKey); exists && err == nil { + belongToAnotherApp = true + } + } - if belongToAnotherApp { - return false - } + if belongToAnotherApp { + return false + } - permitted, _ := proj.IsResourcePermitted(schema.GroupKind{Group: child.ResourceRef.Group, Kind: child.ResourceRef.Kind}, child.Namespace, a.Spec.Destination, func(project string) ([]*appv1.Cluster, error) { - return ctrl.db.GetProjectClusters(context.TODO(), project) - }) + permitted, _ := proj.IsResourcePermitted(schema.GroupKind{Group: child.ResourceRef.Group, Kind: child.ResourceRef.Kind}, child.Namespace, a.Spec.Destination, func(project string) ([]*appv1.Cluster, error) { + return ctrl.db.GetProjectClusters(context.TODO(), project) + }) - if !permitted { - return false - } - orphanedNodes = append(orphanedNodes, child) - return true - }) - if err != nil { - return nil, err - } + if !permitted { + return false } + orphanedNodes = append(orphanedNodes, child) + return true + }) + if err != nil { + return nil, err } + var conditions []appv1.ApplicationCondition if len(orphanedNodes) > 0 && warnOrphaned { conditions = []appv1.ApplicationCondition{{ @@ -607,15 +643,26 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed sort.Slice(orphanedNodes, func(i, j int) bool { return orphanedNodes[i].ResourceRef.String() < orphanedNodes[j].ResourceRef.String() }) + ts.AddCheckpoint("process_orphaned_resources_ms") hosts, err := ctrl.getAppHosts(a, nodes) if err != nil { return nil, fmt.Errorf("failed to get app hosts: %w", err) } + ts.AddCheckpoint("get_app_hosts_ms") return &appv1.ApplicationTree{Nodes: nodes, OrphanedNodes: orphanedNodes, Hosts: hosts}, nil } func (ctrl *ApplicationController) getAppHosts(a *appv1.Application, appNodes []appv1.ResourceNode) ([]appv1.HostInfo, error) { + ts := stats.NewTimingStats() + defer func() { + logCtx := getAppLog(a) + for k, v := range ts.Timings() { + logCtx = logCtx.WithField(k, v.Milliseconds()) + } + logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) + logCtx.Debug("Finished getting app hosts") + }() supportedResourceNames := map[v1.ResourceName]bool{ v1.ResourceCPU: true, v1.ResourceStorage: true, @@ -645,6 +692,7 @@ func (ctrl *ApplicationController) getAppHosts(a *appv1.Application, appNodes [] } } }) + ts.AddCheckpoint("iterate_resources_ms") if err != nil { return nil, err } @@ -700,6 +748,7 @@ func (ctrl *ApplicationController) getAppHosts(a *appv1.Application, appNodes [] }) hosts = append(hosts, appv1.HostInfo{Name: nodeName, SystemInfo: node.SystemInfo, ResourcesInfo: resourcesInfo}) } + ts.AddCheckpoint("process_app_pods_by_node_ms") return hosts, nil } @@ -875,10 +924,8 @@ func (ctrl *ApplicationController) requestAppRefresh(appName string, compareWith } if after != nil { ctrl.appRefreshQueue.AddAfter(key, *after) - ctrl.appOperationQueue.AddAfter(key, *after) } else { ctrl.appRefreshQueue.AddRateLimited(key) - ctrl.appOperationQueue.AddRateLimited(key) } } } @@ -907,7 +954,7 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b ctrl.appOperationQueue.Done(appKey) }() - obj, exists, err := ctrl.appInformer.GetIndexer().GetByKey(appKey.(string)) + obj, exists, err := ctrl.appInformer.GetIndexer().GetByKey(appKey) if err != nil { log.Errorf("Failed to get application '%s' from informer index: %+v", appKey, err) return @@ -922,6 +969,15 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b return } app := origApp.DeepCopy() + logCtx := getAppLog(app) + ts := stats.NewTimingStats() + defer func() { + for k, v := range ts.Timings() { + logCtx = logCtx.WithField(k, v.Milliseconds()) + } + logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) + logCtx.Debug("Finished processing app operation queue item") + }() if app.Operation != nil { // If we get here, we are about to process an operation, but we cannot rely on informer since it might have stale data. @@ -934,9 +990,11 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b } app = freshApp } + ts.AddCheckpoint("get_fresh_app_ms") if app.Operation != nil { ctrl.processRequestedAppOperation(app) + ts.AddCheckpoint("process_requested_app_operation_ms") } else if app.DeletionTimestamp != nil { if err = ctrl.finalizeApplicationDeletion(app, func(project string) ([]*appv1.Cluster, error) { return ctrl.db.GetProjectClusters(context.Background(), project) @@ -948,6 +1006,7 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b message := fmt.Sprintf("Unable to delete application resources: %v", err.Error()) ctrl.logAppEvent(app, argo.EventInfo{Reason: argo.EventReasonStatusRefreshed, Type: v1.EventTypeWarning}, message, context.TODO()) } + ts.AddCheckpoint("finalize_application_deletion_ms") } return } @@ -967,8 +1026,8 @@ func (ctrl *ApplicationController) processAppComparisonTypeQueueItem() (processN return } - if parts := strings.Split(key.(string), "/"); len(parts) != 3 { - log.Warnf("Unexpected key format in appComparisonTypeRefreshTypeQueue. Key should consists of namespace/name/comparisonType but got: %s", key.(string)) + if parts := strings.Split(key, "/"); len(parts) != 3 { + log.Warnf("Unexpected key format in appComparisonTypeRefreshTypeQueue. Key should consists of namespace/name/comparisonType but got: %s", key) } else { if compareWith, err := strconv.Atoi(parts[2]); err != nil { log.Warnf("Unable to parse comparison type: %v", err) @@ -994,7 +1053,7 @@ func (ctrl *ApplicationController) processProjectQueueItem() (processNext bool) processNext = false return } - obj, exists, err := ctrl.projInformer.GetIndexer().GetByKey(key.(string)) + obj, exists, err := ctrl.projInformer.GetIndexer().GetByKey(key) if err != nil { log.Errorf("Failed to get project '%s' from informer index: %+v", key, err) return @@ -1280,6 +1339,14 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli ctrl.setOperationState(app, state) } }() + ts := stats.NewTimingStats() + defer func() { + for k, v := range ts.Timings() { + logCtx = logCtx.WithField(k, v.Milliseconds()) + } + logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) + logCtx.Debug("Finished processing requested app operation") + }() terminating := false if isOperationInProgress(app) { state = app.Status.OperationState.DeepCopy() @@ -1314,6 +1381,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli ctrl.setOperationState(app, state) logCtx.Infof("Initialized new operation: %v", *app.Operation) } + ts.AddCheckpoint("initial_operation_stage_ms") if err := argo.ValidateDestination(context.Background(), &app.Spec.Destination, ctrl.db); err != nil { state.Phase = synccommon.OperationFailed @@ -1321,9 +1389,11 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli } else { ctrl.appStateManager.SyncAppState(app, state) } + ts.AddCheckpoint("validate_and_sync_app_state_ms") // Check whether application is allowed to use project _, err := ctrl.getAppProj(app) + ts.AddCheckpoint("get_app_proj_ms") if err != nil { state.Phase = synccommon.OperationError state.Message = err.Error() @@ -1366,6 +1436,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli } ctrl.setOperationState(app, state) + ts.AddCheckpoint("final_set_operation_state") if state.Phase.Completed() && (app.Operation.Sync != nil && !app.Operation.Sync.DryRun) { // if we just completed an operation, force a refresh so that UI will report up-to-date // sync/health information @@ -1376,6 +1447,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli logCtx.Warnf("Fails to requeue application: %v", err) } } + ts.AddCheckpoint("request_app_refresh_ms") } func (ctrl *ApplicationController) setOperationState(app *appv1.Application, state *appv1.OperationState) { @@ -1488,9 +1560,12 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo if r := recover(); r != nil { log.Errorf("Recovered from panic: %+v\n%s", r, debug.Stack()) } + // We want to have app operation update happen after the sync, so there's no race condition + // and app updates not proceeding. See https://github.com/argoproj/argo-cd/issues/18500. + ctrl.appOperationQueue.AddRateLimited(appKey) ctrl.appRefreshQueue.Done(appKey) }() - obj, exists, err := ctrl.appInformer.GetIndexer().GetByKey(appKey.(string)) + obj, exists, err := ctrl.appInformer.GetIndexer().GetByKey(appKey) if err != nil { log.Errorf("Failed to get application '%s' from informer index: %+v", appKey, err) return @@ -1520,9 +1595,13 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo }) startTime := time.Now() + ts := stats.NewTimingStats() defer func() { reconcileDuration := time.Since(startTime) ctrl.metricsServer.IncReconcile(origApp, reconcileDuration) + for k, v := range ts.Timings() { + logCtx = logCtx.WithField(k, v.Milliseconds()) + } logCtx.WithFields(log.Fields{ "time_ms": reconcileDuration.Milliseconds(), "patch_ms": patchMs.Milliseconds(), @@ -1548,8 +1627,10 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo return } } + ts.AddCheckpoint("comparison_with_nothing_ms") project, hasErrors := ctrl.refreshAppConditions(app) + ts.AddCheckpoint("refresh_app_conditions_ms") if hasErrors { app.Status.Sync.Status = appv1.SyncStatusCodeUnknown app.Status.Health.Status = health.HealthStatusUnknown @@ -1561,6 +1642,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo if err := ctrl.cache.SetAppManagedResources(app.InstanceName(ctrl.namespace), nil); err != nil { logCtx.Warnf("failed to set app managed resources tree: %v", err) } + ts.AddCheckpoint("process_refresh_app_conditions_errors_ms") return } @@ -1602,6 +1684,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo compareResult, err := ctrl.appStateManager.CompareAppState(app, project, revisions, sources, refreshType == appv1.RefreshTypeHard, comparisonLevel == CompareWithLatestForceResolve, localManifests, hasMultipleSources, false) + ts.AddCheckpoint("compare_app_state_ms") if goerrors.Is(err, CompareStateRepoError) { logCtx.Warnf("Ignoring temporary failed attempt to compare app state against repo: %v", err) @@ -1613,15 +1696,18 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo } ctrl.normalizeApplication(origApp, app) + ts.AddCheckpoint("normalize_application_ms") tree, err := ctrl.setAppManagedResources(app, compareResult) + ts.AddCheckpoint("set_app_managed_resources_ms") if err != nil { logCtx.Errorf("Failed to cache app resources: %v", err) } else { app.Status.Summary = tree.GetSummary(app) } - if project.Spec.SyncWindows.Matches(app).CanSync(false) { + canSync, _ := project.Spec.SyncWindows.Matches(app).CanSync(false) + if canSync { syncErrCond, opMS := ctrl.autoSync(app, compareResult.syncStatus, compareResult.resources, compareResult.revisionUpdated) setOpMs = opMS if syncErrCond != nil { @@ -1638,6 +1724,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo } else { logCtx.Info("Sync prevented by sync window") } + ts.AddCheckpoint("auto_sync_ms") if app.Status.ReconciledAt == nil || comparisonLevel >= CompareWithLatest { app.Status.ReconciledAt = &now @@ -1651,7 +1738,10 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo app.Status.SourceType = compareResult.appSourceType app.Status.SourceTypes = compareResult.appSourceTypes app.Status.ControllerNamespace = ctrl.namespace + ts.AddCheckpoint("app_status_update_ms") patchMs = ctrl.persistAppStatus(origApp, &app.Status) + // This is a partly a duplicate of patch_ms, but more descriptive and allows to have measurement for the next step. + ts.AddCheckpoint("persist_app_status_ms") if (compareResult.hasPostDeleteHooks != app.HasPostDeleteFinalizer() || compareResult.hasPostDeleteHooks != app.HasPostDeleteFinalizer("cleanup")) && app.GetDeletionTimestamp() == nil { if compareResult.hasPostDeleteHooks { @@ -1666,6 +1756,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo logCtx.Errorf("Failed to update finalizers: %v", err) } } + ts.AddCheckpoint("process_finalizers_ms") return } @@ -1841,10 +1932,18 @@ func (ctrl *ApplicationController) persistAppStatus(orig *appv1.Application, new // autoSync will initiate a sync operation for an application configured with automated sync func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *appv1.SyncStatus, resources []appv1.ResourceStatus, revisionUpdated bool) (*appv1.ApplicationCondition, time.Duration) { + logCtx := getAppLog(app) + ts := stats.NewTimingStats() + defer func() { + for k, v := range ts.Timings() { + logCtx = logCtx.WithField(k, v.Milliseconds()) + } + logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) + logCtx.Debug("Finished auto sync") + }() if app.Spec.SyncPolicy == nil || app.Spec.SyncPolicy.Automated == nil { return nil, 0 } - logCtx := getAppLog(app) if app.Operation != nil { logCtx.Infof("Skipping auto-sync: another operation is in progress") @@ -1876,10 +1975,18 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } } + selfHeal := app.Spec.SyncPolicy.Automated.SelfHeal + // Multi-Source Apps with selfHeal disabled should not trigger an autosync if + // the last sync revision and the new sync revision is the same. + if app.Spec.HasMultipleSources() && !selfHeal && reflect.DeepEqual(app.Status.Sync.Revisions, syncStatus.Revisions) { + logCtx.Infof("Skipping auto-sync: selfHeal disabled and sync caused by object update") + return nil, 0 + } + desiredCommitSHA := syncStatus.Revision desiredCommitSHAsMS := syncStatus.Revisions alreadyAttempted, attemptPhase := alreadyAttemptedSync(app, desiredCommitSHA, desiredCommitSHAsMS, app.Spec.HasMultipleSources(), revisionUpdated) - selfHeal := app.Spec.SyncPolicy.Automated.SelfHeal + ts.AddCheckpoint("already_attempted_sync_ms") op := appv1.Operation{ Sync: &appv1.SyncOperation{ Revision: desiredCommitSHA, @@ -1890,6 +1997,9 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * InitiatedBy: appv1.OperationInitiator{Automated: true}, Retry: appv1.RetryStrategy{Limit: 5}, } + if app.Status.OperationState != nil && app.Status.OperationState.Operation.Sync != nil { + op.Sync.SelfHealAttemptsCount = app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount + } if app.Spec.SyncPolicy.Retry != nil { op.Retry = *app.Spec.SyncPolicy.Retry } @@ -1907,6 +2017,7 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * return nil, 0 } else if alreadyAttempted && selfHeal { if shouldSelfHeal, retryAfter := ctrl.shouldSelfHeal(app); shouldSelfHeal { + op.Sync.SelfHealAttemptsCount++ for _, resource := range resources { if resource.Status != appv1.SyncStatusCodeSynced { op.Sync.Resources = append(op.Sync.Resources, appv1.SyncOperationResource{ @@ -1922,6 +2033,7 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * return nil, 0 } } + ts.AddCheckpoint("already_attempted_check_ms") if app.Spec.SyncPolicy.Automated.Prune && !app.Spec.SyncPolicy.Automated.AllowEmpty { bAllNeedPrune := true @@ -1932,14 +2044,16 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } if bAllNeedPrune { message := fmt.Sprintf("Skipping sync attempt to %s: auto-sync will wipe out all resources", desiredCommitSHA) - logCtx.Warnf(message) + logCtx.Warn(message) return &appv1.ApplicationCondition{Type: appv1.ApplicationConditionSyncError, Message: message}, 0 } } appIf := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace) + ts.AddCheckpoint("get_applications_ms") start := time.Now() updatedApp, err := argo.SetAppOperation(appIf, app.Name, &op) + ts.AddCheckpoint("set_app_operation_ms") setOpTime := time.Since(start) if err != nil { if goerrors.Is(err, argo.ErrAnotherOperationInProgress) { @@ -1954,6 +2068,7 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } else { ctrl.writeBackToInformer(updatedApp) } + ts.AddCheckpoint("write_back_to_informer_ms") var target string if updatedApp.Spec.HasMultipleSources() { @@ -2025,10 +2140,24 @@ func (ctrl *ApplicationController) shouldSelfHeal(app *appv1.Application) (bool, } var retryAfter time.Duration - if app.Status.OperationState.FinishedAt == nil { - retryAfter = ctrl.selfHealTimeout + if ctrl.selfHealBackOff == nil { + if app.Status.OperationState.FinishedAt == nil { + retryAfter = ctrl.selfHealTimeout + } else { + retryAfter = ctrl.selfHealTimeout - time.Since(app.Status.OperationState.FinishedAt.Time) + } } else { - retryAfter = ctrl.selfHealTimeout - time.Since(app.Status.OperationState.FinishedAt.Time) + backOff := *ctrl.selfHealBackOff + backOff.Steps = int(app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount) + var delay time.Duration + for backOff.Steps > 0 { + delay = backOff.Step() + } + if app.Status.OperationState.FinishedAt == nil { + retryAfter = delay + } else { + retryAfter = delay - time.Since(app.Status.OperationState.FinishedAt.Time) + } } return retryAfter <= 0, retryAfter } @@ -2165,7 +2294,6 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar key, err := cache.MetaNamespaceKeyFunc(obj) if err == nil { ctrl.appRefreshQueue.AddRateLimited(key) - ctrl.appOperationQueue.AddRateLimited(key) } newApp, newOK := obj.(*appv1.Application) if err == nil && newOK { @@ -2200,7 +2328,9 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar } ctrl.requestAppRefresh(newApp.QualifiedName(), compareWith, delay) - ctrl.appOperationQueue.AddRateLimited(key) + if !newOK || (delay != nil && *delay != time.Duration(0)) { + ctrl.appOperationQueue.AddRateLimited(key) + } ctrl.clusterSharding.UpdateApp(newApp) }, DeleteFunc: func(obj interface{}) { diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index 0ce49fb83cfcb..fe46440eb8d5f 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -4,16 +4,18 @@ import ( "context" "encoding/json" "errors" + "fmt" "testing" "time" + clustercache "github.com/argoproj/gitops-engine/pkg/cache" "github.com/argoproj/gitops-engine/pkg/utils/kube/kubetest" "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/rest" - - clustercache "github.com/argoproj/gitops-engine/pkg/cache" + "k8s.io/utils/ptr" "github.com/argoproj/argo-cd/v2/common" statecache "github.com/argoproj/argo-cd/v2/controller/cache" @@ -43,12 +45,15 @@ import ( "github.com/argoproj/argo-cd/v2/reposerver/apiclient" mockrepoclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" "github.com/argoproj/argo-cd/v2/test" + "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/argo/normalizers" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/settings" ) +var testEnableEventList []string = argo.DefaultEnableEventList() + type namespacedResource struct { v1alpha1.ResourceNode AppName string @@ -64,6 +69,7 @@ type fakeData struct { metricsCacheExpiration time.Duration applicationNamespaces []string updateRevisionForPathsResponse *apiclient.UpdateRevisionForPathsResponse + additionalObjs []runtime.Object } type MockKubectl struct { @@ -133,7 +139,9 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { }, Data: data.configMapData, } - kubeClient := fake.NewSimpleClientset(&clust, &cm, &secret) + runtimeObjs := []runtime.Object{&clust, &secret, &cm} + runtimeObjs = append(runtimeObjs, data.additionalObjs...) + kubeClient := fake.NewSimpleClientset(runtimeObjs...) settingsMgr := settings.NewSettingsManager(context.Background(), kubeClient, test.FakeArgoCDNamespace) kubectl := &MockKubectl{Kubectl: &kubetest.MockKubectlCmd{}} ctrl, err := NewApplicationController( @@ -151,10 +159,12 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { time.Hour, time.Second, time.Minute, + nil, time.Second*10, common.DefaultPortArgoCDMetrics, data.metricsCacheExpiration, []string{}, + []string{}, 0, true, nil, @@ -163,6 +173,7 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { false, false, normalizers.IgnoreNormalizerOpts{}, + testEnableEventList, ) db := &dbmocks.ArgoDB{} db.On("GetApplicationControllerReplicas").Return(1) @@ -193,14 +204,16 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { mockStateCache.On("GetNamespaceTopLevelResources", mock.Anything, mock.Anything).Return(response, nil) mockStateCache.On("IterateResources", mock.Anything, mock.Anything).Return(nil) mockStateCache.On("GetClusterCache", mock.Anything).Return(&clusterCacheMock, nil) - mockStateCache.On("IterateHierarchy", mock.Anything, mock.Anything, mock.Anything).Run(func(args mock.Arguments) { - key := args[1].(kube.ResourceKey) + mockStateCache.On("IterateHierarchyV2", mock.Anything, mock.Anything, mock.Anything).Run(func(args mock.Arguments) { + keys := args[1].([]kube.ResourceKey) action := args[2].(func(child v1alpha1.ResourceNode, appName string) bool) - appName := "" - if res, ok := data.namespacedResources[key]; ok { - appName = res.AppName + for _, key := range keys { + appName := "" + if res, ok := data.namespacedResources[key]; ok { + appName = res.AppName + } + _ = action(v1alpha1.ResourceNode{ResourceRef: v1alpha1.ResourceRef{Kind: key.Kind, Group: key.Group, Namespace: key.Namespace, Name: key.Name}}, appName) } - _ = action(v1alpha1.ResourceNode{ResourceRef: v1alpha1.ResourceRef{Kind: key.Kind, Group: key.Group, Namespace: key.Namespace, Name: key.Name}}, appName) }).Return(nil) return ctrl } @@ -561,6 +574,42 @@ func TestAutoSync(t *testing.T) { assert.False(t, app.Operation.Sync.Prune) } +func TestMultiSourceSelfHeal(t *testing.T) { + // Simulate OutOfSync caused by object change in cluster + // So our Sync Revisions and SyncStatus Revisions should deep equal + t.Run("ClusterObjectChangeShouldNotTriggerAutoSync", func(t *testing.T) { + app := newFakeMultiSourceApp() + app.Spec.SyncPolicy.Automated.SelfHeal = false + app.Status.Sync.Revisions = []string{"z", "x", "v"} + ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil) + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, + Revisions: []string{"z", "x", "v"}, + } + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook-1", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true) + assert.Nil(t, cond) + app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) + require.NoError(t, err) + assert.Nil(t, app.Operation) + }) + + t.Run("NewRevisionChangeShouldTriggerAutoSync", func(t *testing.T) { + app := newFakeMultiSourceApp() + app.Spec.SyncPolicy.Automated.SelfHeal = false + app.Status.Sync.Revisions = []string{"a", "b", "c"} + ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil) + syncStatus := v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeOutOfSync, + Revisions: []string{"z", "x", "v"}, + } + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook-1", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true) + assert.Nil(t, cond) + app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) + require.NoError(t, err) + assert.NotNil(t, app.Operation) + }) +} + func TestAutoSyncNotAllowEmpty(t *testing.T) { app := newFakeApp() app.Spec.SyncPolicy.Automated.Prune = true @@ -582,7 +631,7 @@ func TestAutoSyncAllowEmpty(t *testing.T) { Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, false) + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, true) assert.Nil(t, cond) } @@ -596,7 +645,7 @@ func TestSkipAutoSync(t *testing.T) { Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", } - cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, false) + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, true) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) require.NoError(t, err) @@ -611,7 +660,7 @@ func TestSkipAutoSync(t *testing.T) { Status: v1alpha1.SyncStatusCodeSynced, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, false) + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, true) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) require.NoError(t, err) @@ -627,7 +676,7 @@ func TestSkipAutoSync(t *testing.T) { Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, false) + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, true) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) require.NoError(t, err) @@ -644,7 +693,7 @@ func TestSkipAutoSync(t *testing.T) { Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, false) + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}, true) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) require.NoError(t, err) @@ -670,7 +719,7 @@ func TestSkipAutoSync(t *testing.T) { Status: v1alpha1.SyncStatusCodeOutOfSync, Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", } - cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, false) + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true) assert.NotNil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) require.NoError(t, err) @@ -686,7 +735,7 @@ func TestSkipAutoSync(t *testing.T) { } cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{ {Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync, RequiresPruning: true}, - }, false) + }, true) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) require.NoError(t, err) @@ -722,7 +771,7 @@ func TestAutoSyncIndicateError(t *testing.T) { Source: *app.Spec.Source.DeepCopy(), }, } - cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, false) + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true) assert.NotNil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) require.NoError(t, err) @@ -765,7 +814,7 @@ func TestAutoSyncParameterOverrides(t *testing.T) { Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", }, } - cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, false) + cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) require.NoError(t, err) @@ -1134,7 +1183,7 @@ func TestNormalizeApplication(t *testing.T) { normalized := false fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - if string(patchAction.GetPatch()) == `{"spec":{"project":"default"},"status":{"sync":{"comparedTo":{"destination":{},"source":{"repoURL":""}}}}}` { + if string(patchAction.GetPatch()) == `{"spec":{"project":"default"}}` { normalized = true } } @@ -1790,7 +1839,7 @@ func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) { message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message") assert.Contains(t, message, "Retrying attempt #1") retryCount, _, _ := unstructured.NestedFloat64(receivedPatch, "status", "operationState", "retryCount") - assert.Equal(t, float64(1), retryCount) + assert.InEpsilon(t, float64(1), retryCount, 0.0001) } func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) { @@ -2169,3 +2218,66 @@ func TestAlreadyAttemptSync(t *testing.T) { assert.False(t, attempted) }) } + +func assertDurationAround(t *testing.T, expected time.Duration, actual time.Duration) { + delta := time.Second / 2 + assert.GreaterOrEqual(t, expected, actual-delta) + assert.LessOrEqual(t, expected, actual+delta) +} + +func TestSelfHealExponentialBackoff(t *testing.T) { + ctrl := newFakeController(&fakeData{}, nil) + ctrl.selfHealBackOff = &wait.Backoff{ + Factor: 3, + Duration: 2 * time.Second, + Cap: 5 * time.Minute, + } + + app := &v1alpha1.Application{ + Status: v1alpha1.ApplicationStatus{ + OperationState: &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, + }, + }, + }, + } + + testCases := []struct { + attempts int64 + finishedAt *metav1.Time + expectedDuration time.Duration + shouldSelfHeal bool + }{{ + attempts: 0, + finishedAt: ptr.To(metav1.Now()), + expectedDuration: 0, + shouldSelfHeal: true, + }, { + attempts: 1, + finishedAt: ptr.To(metav1.Now()), + expectedDuration: 2 * time.Second, + shouldSelfHeal: false, + }, { + attempts: 2, + finishedAt: ptr.To(metav1.Now()), + expectedDuration: 6 * time.Second, + shouldSelfHeal: false, + }, { + attempts: 3, + finishedAt: nil, + expectedDuration: 18 * time.Second, + shouldSelfHeal: false, + }} + + for i := range testCases { + tc := testCases[i] + t.Run(fmt.Sprintf("test case %d", i), func(t *testing.T) { + app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount = tc.attempts + app.Status.OperationState.FinishedAt = tc.finishedAt + ok, duration := ctrl.shouldSelfHeal(app) + require.Equal(t, ok, tc.shouldSelfHeal) + assertDurationAround(t, tc.expectedDuration, duration) + }) + } +} diff --git a/controller/cache/cache.go b/controller/cache/cache.go index 113fe1ccf83f0..c4f13bbd49b38 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -9,6 +9,7 @@ import ( "net/url" "os/exec" "reflect" + "strconv" "strings" "sync" "syscall" @@ -41,8 +42,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/settings" ) -//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=LiveStateCache - const ( // EnvClusterCacheResyncDuration is the env variable that holds cluster cache re-sync duration EnvClusterCacheResyncDuration = "ARGOCD_CLUSTER_CACHE_RESYNC_DURATION" @@ -69,6 +68,10 @@ const ( // EnvClusterCacheRetryUseBackoff is the env variable to control whether to use a backoff strategy with the retry during cluster cache sync EnvClusterCacheRetryUseBackoff = "ARGOCD_CLUSTER_CACHE_RETRY_USE_BACKOFF" + + // AnnotationIgnoreResourceUpdates when set to true on an untracked resource, + // argo will apply `ignoreResourceUpdates` configuration on it. + AnnotationIgnoreResourceUpdates = "argocd.argoproj.io/ignore-resource-updates" ) // GitOps engine cluster cache tuning options @@ -122,6 +125,8 @@ type LiveStateCache interface { GetClusterCache(server string) (clustercache.ClusterCache, error) // Executes give callback against resource specified by the key and all its children IterateHierarchy(server string, key kube.ResourceKey, action func(child appv1.ResourceNode, appName string) bool) error + // Executes give callback against resources specified by the keys and all its children + IterateHierarchyV2(server string, keys []kube.ResourceKey, action func(child appv1.ResourceNode, appName string) bool) error // Returns state of live nodes which correspond for target nodes of specified application. GetManagedLiveObjs(a *appv1.Application, targetObjs []*unstructured.Unstructured) (map[kube.ResourceKey]*unstructured.Unstructured, error) // IterateResources iterates all resource stored in cache @@ -192,6 +197,7 @@ type cacheSettings struct { clusterSettings clustercache.Settings appInstanceLabelKey string trackingMethod appv1.TrackingMethod + installationID string // resourceOverrides provides a list of ignored differences to ignore watched resource updates resourceOverrides map[string]appv1.ResourceOverride @@ -220,6 +226,10 @@ func (c *liveStateCache) loadCacheSettings() (*cacheSettings, error) { if err != nil { return nil, err } + installationID, err := c.settingsMgr.GetInstallationID() + if err != nil { + return nil, err + } resourceUpdatesOverrides, err := c.settingsMgr.GetIgnoreResourceUpdatesOverrides() if err != nil { return nil, err @@ -241,7 +251,7 @@ func (c *liveStateCache) loadCacheSettings() (*cacheSettings, error) { ResourcesFilter: resourcesFilter, } - return &cacheSettings{clusterSettings, appInstanceLabelKey, argo.GetTrackingMethod(c.settingsMgr), resourceUpdatesOverrides, ignoreResourceUpdatesEnabled}, nil + return &cacheSettings{clusterSettings, appInstanceLabelKey, argo.GetTrackingMethod(c.settingsMgr), installationID, resourceUpdatesOverrides, ignoreResourceUpdatesEnabled}, nil } func asResourceNode(r *clustercache.Resource) appv1.ResourceNode { @@ -365,13 +375,30 @@ func skipResourceUpdate(oldInfo, newInfo *ResourceInfo) bool { // shouldHashManifest validates if the API resource needs to be hashed. // If there's an app name from resource tracking, or if this is itself an app, we should generate a hash. // Otherwise, the hashing should be skipped to save CPU time. -func shouldHashManifest(appName string, gvk schema.GroupVersionKind) bool { - // Only hash if the resource belongs to an app. +func shouldHashManifest(appName string, gvk schema.GroupVersionKind, un *unstructured.Unstructured) bool { + // Only hash if the resource belongs to an app OR argocd.argoproj.io/ignore-resource-updates is present and set to true // Best - Only hash for resources that are part of an app or their dependencies // (current) - Only hash for resources that are part of an app + all apps that might be from an ApplicationSet // Orphan - If orphan is enabled, hash should be made on all resource of that namespace and a config to disable it // Worst - Hash all resources watched by Argo - return appName != "" || (gvk.Group == application.Group && gvk.Kind == application.ApplicationKind) + isTrackedResource := appName != "" || (gvk.Group == application.Group && gvk.Kind == application.ApplicationKind) + + // If the resource is not a tracked resource, we will look up argocd.argoproj.io/ignore-resource-updates and decide + // whether we generate hash or not. + // If argocd.argoproj.io/ignore-resource-updates is presented and is true, return true + // Else return false + if !isTrackedResource { + if val, ok := un.GetAnnotations()[AnnotationIgnoreResourceUpdates]; ok { + applyResourcesUpdate, err := strconv.ParseBool(val) + if err != nil { + applyResourcesUpdate = false + } + return applyResourcesUpdate + } + return false + } + + return isTrackedResource } // isRetryableError is a helper method to see whether an error @@ -513,14 +540,14 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e res.Health, _ = health.GetResourceHealth(un, cacheSettings.clusterSettings.ResourceHealthOverride) - appName := c.resourceTracking.GetAppName(un, cacheSettings.appInstanceLabelKey, cacheSettings.trackingMethod) + appName := c.resourceTracking.GetAppName(un, cacheSettings.appInstanceLabelKey, cacheSettings.trackingMethod, cacheSettings.installationID) if isRoot && appName != "" { res.AppName = appName } gvk := un.GroupVersionKind() - if cacheSettings.ignoreResourceUpdatesEnabled && shouldHashManifest(appName, gvk) { + if cacheSettings.ignoreResourceUpdatesEnabled && shouldHashManifest(appName, gvk, un) { hash, err := generateManifestHash(un, nil, cacheSettings.resourceOverrides, c.ignoreNormalizerOpts) if err != nil { log.Errorf("Failed to generate manifest hash: %v", err) @@ -549,16 +576,6 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e ref = oldRes.Ref } - if newRes == nil { - log.WithFields(log.Fields{ - "server": cluster.Server, - "namespace": ref.Namespace, - "name": ref.Name, - "api-version": ref.APIVersion, - "kind": ref.Kind, - }).Debug("Resource was deleted") - } - c.lock.RLock() cacheSettings := c.cacheSettings c.lock.RUnlock() @@ -649,6 +666,17 @@ func (c *liveStateCache) IterateHierarchy(server string, key kube.ResourceKey, a return nil } +func (c *liveStateCache) IterateHierarchyV2(server string, keys []kube.ResourceKey, action func(child appv1.ResourceNode, appName string) bool) error { + clusterInfo, err := c.getSyncedCluster(server) + if err != nil { + return err + } + clusterInfo.IterateHierarchyV2(keys, func(resource *clustercache.Resource, namespaceResources map[kube.ResourceKey]*clustercache.Resource) bool { + return action(asResourceNode(resource), getApp(resource, namespaceResources)) + }) + return nil +} + func (c *liveStateCache) IterateResources(server string, callback func(res *clustercache.Resource, info *ResourceInfo)) error { clusterInfo, err := c.getSyncedCluster(server) if err != nil { diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 09064883223f1..63935a1e453f4 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -9,6 +9,8 @@ import ( "testing" "time" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" apierr "k8s.io/apimachinery/pkg/api/errors" @@ -25,6 +27,7 @@ import ( "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/controller/metrics" "github.com/argoproj/argo-cd/v2/controller/sharding" + "github.com/argoproj/argo-cd/v2/pkg/apis/application" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" argosettings "github.com/argoproj/argo-cd/v2/util/settings" @@ -653,3 +656,79 @@ func TestSkipResourceUpdate(t *testing.T) { })) }) } + +func TestShouldHashManifest(t *testing.T) { + tests := []struct { + name string + appName string + gvk schema.GroupVersionKind + un *unstructured.Unstructured + annotations map[string]string + want bool + }{ + { + name: "appName not empty gvk matches", + appName: "MyApp", + gvk: schema.GroupVersionKind{Group: application.Group, Kind: application.ApplicationKind}, + un: &unstructured.Unstructured{}, + want: true, + }, + { + name: "appName empty", + appName: "", + gvk: schema.GroupVersionKind{Group: application.Group, Kind: application.ApplicationKind}, + un: &unstructured.Unstructured{}, + want: true, + }, + { + name: "appName empty group not match", + appName: "", + gvk: schema.GroupVersionKind{Group: "group1", Kind: application.ApplicationKind}, + un: &unstructured.Unstructured{}, + want: false, + }, + { + name: "appName empty kind not match", + appName: "", + gvk: schema.GroupVersionKind{Group: application.Group, Kind: "kind1"}, + un: &unstructured.Unstructured{}, + want: false, + }, + { + name: "argocd.argoproj.io/ignore-resource-updates=true", + appName: "", + gvk: schema.GroupVersionKind{Group: application.Group, Kind: "kind1"}, + un: &unstructured.Unstructured{}, + annotations: map[string]string{"argocd.argoproj.io/ignore-resource-updates": "true"}, + want: true, + }, + { + name: "argocd.argoproj.io/ignore-resource-updates=invalid", + appName: "", + gvk: schema.GroupVersionKind{Group: application.Group, Kind: "kind1"}, + un: &unstructured.Unstructured{}, + annotations: map[string]string{"argocd.argoproj.io/ignore-resource-updates": "invalid"}, + want: false, + }, + { + name: "argocd.argoproj.io/ignore-resource-updates=false", + appName: "", + gvk: schema.GroupVersionKind{Group: application.Group, Kind: "kind1"}, + un: &unstructured.Unstructured{}, + annotations: map[string]string{"argocd.argoproj.io/ignore-resource-updates": "false"}, + want: false, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + if test.annotations != nil { + test.un.SetAnnotations(test.annotations) + } + got := shouldHashManifest(test.appName, test.gvk, test.un) + if test.want != got { + t.Fatalf("test=%v want %v got %v", test.name, test.want, got) + } + }) + } +} diff --git a/controller/cache/info.go b/controller/cache/info.go index 0734e2d118678..75595523033b4 100644 --- a/controller/cache/info.go +++ b/controller/cache/info.go @@ -278,6 +278,32 @@ func populateIstioVirtualServiceInfo(un *unstructured.Unstructured, res *Resourc res.NetworkingInfo = &v1alpha1.ResourceNetworkingInfo{TargetRefs: targets, ExternalURLs: urls} } +func isPodInitializedConditionTrue(status *v1.PodStatus) bool { + for _, condition := range status.Conditions { + if condition.Type != v1.PodInitialized { + continue + } + + return condition.Status == v1.ConditionTrue + } + return false +} + +func isRestartableInitContainer(initContainer *v1.Container) bool { + if initContainer == nil { + return false + } + if initContainer.RestartPolicy == nil { + return false + } + + return *initContainer.RestartPolicy == v1.ContainerRestartPolicyAlways +} + +func isPodPhaseTerminal(phase v1.PodPhase) bool { + return phase == v1.PodFailed || phase == v1.PodSucceeded +} + func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) { pod := v1.Pod{} err := runtime.DefaultUnstructuredConverter.FromUnstructured(un.Object, &pod) @@ -288,7 +314,8 @@ func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) { totalContainers := len(pod.Spec.Containers) readyContainers := 0 - reason := string(pod.Status.Phase) + podPhase := pod.Status.Phase + reason := string(podPhase) if pod.Status.Reason != "" { reason = pod.Status.Reason } @@ -306,6 +333,21 @@ func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) { res.Images = append(res.Images, image) } + // If the Pod carries {type:PodScheduled, reason:SchedulingGated}, set reason to 'SchedulingGated'. + for _, condition := range pod.Status.Conditions { + if condition.Type == v1.PodScheduled && condition.Reason == v1.PodReasonSchedulingGated { + reason = v1.PodReasonSchedulingGated + } + } + + initContainers := make(map[string]*v1.Container) + for i := range pod.Spec.InitContainers { + initContainers[pod.Spec.InitContainers[i].Name] = &pod.Spec.InitContainers[i] + if isRestartableInitContainer(&pod.Spec.InitContainers[i]) { + totalContainers++ + } + } + initializing := false for i := range pod.Status.InitContainerStatuses { container := pod.Status.InitContainerStatuses[i] @@ -313,6 +355,12 @@ func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) { switch { case container.State.Terminated != nil && container.State.Terminated.ExitCode == 0: continue + case isRestartableInitContainer(initContainers[container.Name]) && + container.Started != nil && *container.Started: + if container.Ready { + readyContainers++ + } + continue case container.State.Terminated != nil: // initialization is failed if len(container.State.Terminated.Reason) == 0 { @@ -334,8 +382,7 @@ func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) { } break } - if !initializing { - restarts = 0 + if !initializing || isPodInitializedConditionTrue(&pod.Status) { hasRunning := false for i := len(pod.Status.ContainerStatuses) - 1; i >= 0; i-- { container := pod.Status.ContainerStatuses[i] @@ -370,7 +417,9 @@ func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) { // and https://github.com/kubernetes/kubernetes/issues/90358#issuecomment-617859364 if pod.DeletionTimestamp != nil && pod.Status.Reason == "NodeLost" { reason = "Unknown" - } else if pod.DeletionTimestamp != nil { + // If the pod is being deleted and the pod phase is not succeeded or failed, set the reason to "Terminating". + // See https://github.com/kubernetes/kubectl/issues/1595#issuecomment-2080001023 + } else if pod.DeletionTimestamp != nil && !isPodPhaseTerminal(podPhase) { reason = "Terminating" } diff --git a/controller/cache/info_test.go b/controller/cache/info_test.go index da47f8e498c63..7eedb7b2cbd48 100644 --- a/controller/cache/info_test.go +++ b/controller/cache/info_test.go @@ -285,6 +285,552 @@ func TestGetPodInfo(t *testing.T) { assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{Labels: map[string]string{"app": "guestbook"}}, info.NetworkingInfo) } +func TestGetPodWithInitialContainerInfo(t *testing.T) { + pod := strToUnstructured(` + apiVersion: "v1" + kind: "Pod" + metadata: + labels: + app: "app-with-initial-container" + name: "app-with-initial-container-5f46976fdb-vd6rv" + namespace: "default" + ownerReferences: + - apiVersion: "apps/v1" + kind: "ReplicaSet" + name: "app-with-initial-container-5f46976fdb" + spec: + containers: + - image: "alpine:latest" + imagePullPolicy: "Always" + name: "app-with-initial-container" + initContainers: + - image: "alpine:latest" + imagePullPolicy: "Always" + name: "app-with-initial-container-logshipper" + nodeName: "minikube" + status: + containerStatuses: + - image: "alpine:latest" + name: "app-with-initial-container" + ready: true + restartCount: 0 + started: true + state: + running: + startedAt: "2024-10-08T08:44:25Z" + initContainerStatuses: + - image: "alpine:latest" + name: "app-with-initial-container-logshipper" + ready: true + restartCount: 0 + started: false + state: + terminated: + exitCode: 0 + reason: "Completed" + phase: "Running" +`) + + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Running"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "1/1"}, + }, info.Info) +} + +func TestGetPodInfoWithSidecar(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + labels: + app: app-with-sidecar + name: app-with-sidecar-6664cc788c-lqlrp + namespace: default + ownerReferences: + - apiVersion: apps/v1 + kind: ReplicaSet + name: app-with-sidecar-6664cc788c + spec: + containers: + - image: 'docker.m.daocloud.io/library/alpine:latest' + imagePullPolicy: Always + name: app-with-sidecar + initContainers: + - image: 'docker.m.daocloud.io/library/alpine:latest' + imagePullPolicy: Always + name: logshipper + restartPolicy: Always + nodeName: minikube + status: + containerStatuses: + - image: 'docker.m.daocloud.io/library/alpine:latest' + name: app-with-sidecar + ready: true + restartCount: 0 + started: true + state: + running: + startedAt: '2024-10-08T08:39:43Z' + initContainerStatuses: + - image: 'docker.m.daocloud.io/library/alpine:latest' + name: logshipper + ready: true + restartCount: 0 + started: true + state: + running: + startedAt: '2024-10-08T08:39:40Z' + phase: Running +`) + + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Running"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "2/2"}, + }, info.Info) +} + +func TestGetPodInfoWithInitialContainer(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + generateName: myapp-long-exist-56b7d8794d- + labels: + app: myapp-long-exist + name: myapp-long-exist-56b7d8794d-pbgrd + namespace: linghao + ownerReferences: + - apiVersion: apps/v1 + kind: ReplicaSet + name: myapp-long-exist-56b7d8794d + spec: + containers: + - image: alpine:latest + imagePullPolicy: Always + name: myapp-long-exist + initContainers: + - image: alpine:latest + imagePullPolicy: Always + name: myapp-long-exist-logshipper + nodeName: minikube + status: + containerStatuses: + - image: alpine:latest + name: myapp-long-exist + ready: false + restartCount: 0 + started: false + state: + waiting: + reason: PodInitializing + initContainerStatuses: + - image: alpine:latest + name: myapp-long-exist-logshipper + ready: false + restartCount: 0 + started: true + state: + running: + startedAt: '2024-10-09T08:03:45Z' + phase: Pending + startTime: '2024-10-09T08:02:39Z' +`) + + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Init:0/1"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/1"}, + }, info.Info) +} + +// Test pod has 2 restartable init containers, the first one running but not started. +func TestGetPodInfoWithRestartableInitContainer(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test1 + spec: + initContainers: + - name: restartable-init-1 + restartPolicy: Always + - name: restartable-init-2 + restartPolicy: Always + containers: + - name: container + nodeName: minikube + status: + phase: Pending + initContainerStatuses: + - name: restartable-init-1 + ready: false + restartCount: 3 + state: + running: {} + started: false + lastTerminationState: + terminated: + finishedAt: "2023-10-01T00:00:00Z" # Replace with actual time + - name: restartable-init-2 + ready: false + state: + waiting: {} + started: false + containerStatuses: + - ready: false + restartCount: 0 + state: + waiting: {} + conditions: + - type: ContainersReady + status: "False" + - type: Initialized + status: "False" +`) + + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Init:0/2"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/3"}, + {Name: "Restart Count", Value: "3"}, + }, info.Info) +} + +// Test pod has 2 restartable init containers, the first one started and the second one running but not started. +func TestGetPodInfoWithPartiallyStartedInitContainers(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test1 + spec: + initContainers: + - name: restartable-init-1 + restartPolicy: Always + - name: restartable-init-2 + restartPolicy: Always + containers: + - name: container + nodeName: minikube + status: + phase: Pending + initContainerStatuses: + - name: restartable-init-1 + ready: false + restartCount: 3 + state: + running: {} + started: true + lastTerminationState: + terminated: + finishedAt: "2023-10-01T00:00:00Z" # Replace with actual time + - name: restartable-init-2 + ready: false + state: + running: {} + started: false + containerStatuses: + - ready: false + restartCount: 0 + state: + waiting: {} + conditions: + - type: ContainersReady + status: "False" + - type: Initialized + status: "False" +`) + + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Init:1/2"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/3"}, + {Name: "Restart Count", Value: "3"}, + }, info.Info) +} + +// Test pod has 2 restartable init containers started and 1 container running +func TestGetPodInfoWithStartedInitContainers(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test2 + spec: + initContainers: + - name: restartable-init-1 + restartPolicy: Always + - name: restartable-init-2 + restartPolicy: Always + containers: + - name: container + nodeName: minikube + status: + phase: Running + initContainerStatuses: + - name: restartable-init-1 + ready: false + restartCount: 3 + state: + running: {} + started: true + lastTerminationState: + terminated: + finishedAt: "2023-10-01T00:00:00Z" # Replace with actual time + - name: restartable-init-2 + ready: false + state: + running: {} + started: true + containerStatuses: + - ready: true + restartCount: 4 + state: + running: {} + lastTerminationState: + terminated: + finishedAt: "2023-10-01T00:00:00Z" # Replace with actual time + conditions: + - type: ContainersReady + status: "False" + - type: Initialized + status: "True" +`) + + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Running"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "1/3"}, + {Name: "Restart Count", Value: "7"}, + }, info.Info) +} + +// Test pod has 1 init container restarting and 1 container not running +func TestGetPodInfoWithNormalInitContainer(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test7 + spec: + initContainers: + - name: init-container + containers: + - name: main-container + nodeName: minikube + status: + phase: podPhase + initContainerStatuses: + - ready: false + restartCount: 3 + state: + running: {} + lastTerminationState: + terminated: + finishedAt: "2023-10-01T00:00:00Z" # Replace with the actual time + containerStatuses: + - ready: false + restartCount: 0 + state: + waiting: {} +`) + + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Init:0/1"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/1"}, + {Name: "Restart Count", Value: "3"}, + }, info.Info) +} + +// Test pod condition succeed +func TestPodConditionSucceeded(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test8 + spec: + nodeName: minikube + containers: + - name: container + status: + phase: Succeeded + containerStatuses: + - ready: false + restartCount: 0 + state: + terminated: + reason: Completed + exitCode: 0 +`) + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Completed"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/1"}, + }, info.Info) +} + +// Test pod condition failed +func TestPodConditionFailed(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test9 + spec: + nodeName: minikube + containers: + - name: container + status: + phase: Failed + containerStatuses: + - ready: false + restartCount: 0 + state: + terminated: + reason: Error + exitCode: 1 +`) + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Error"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/1"}, + }, info.Info) +} + +// Test pod condition succeed with deletion +func TestPodConditionSucceededWithDeletion(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test10 + deletionTimestamp: "2023-10-01T00:00:00Z" + spec: + nodeName: minikube + containers: + - name: container + status: + phase: Succeeded + containerStatuses: + - ready: false + restartCount: 0 + state: + terminated: + reason: Completed + exitCode: 0 +`) + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Completed"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/1"}, + }, info.Info) +} + +// Test pod condition running with deletion +func TestPodConditionRunningWithDeletion(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test11 + deletionTimestamp: "2023-10-01T00:00:00Z" + spec: + nodeName: minikube + containers: + - name: container + status: + phase: Running + containerStatuses: + - ready: false + restartCount: 0 + state: + running: {} +`) + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Terminating"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/1"}, + }, info.Info) +} + +// Test pod condition pending with deletion +func TestPodConditionPendingWithDeletion(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test12 + deletionTimestamp: "2023-10-01T00:00:00Z" + spec: + nodeName: minikube + containers: + - name: container + status: + phase: Pending +`) + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "Terminating"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/1"}, + }, info.Info) +} + +// Test PodScheduled condition with reason SchedulingGated +func TestPodScheduledWithSchedulingGated(t *testing.T) { + pod := strToUnstructured(` + apiVersion: v1 + kind: Pod + metadata: + name: test13 + spec: + nodeName: minikube + containers: + - name: container1 + - name: container2 + status: + phase: podPhase + conditions: + - type: PodScheduled + status: "False" + reason: SchedulingGated +`) + info := &ResourceInfo{} + populateNodeInfo(pod, info, []string{}) + assert.Equal(t, []v1alpha1.InfoItem{ + {Name: "Status Reason", Value: "SchedulingGated"}, + {Name: "Node", Value: "minikube"}, + {Name: "Containers", Value: "0/2"}, + }, info.Info) +} + func TestGetNodeInfo(t *testing.T) { node := strToUnstructured(` apiVersion: v1 diff --git a/controller/cache/mocks/LiveStateCache.go b/controller/cache/mocks/LiveStateCache.go index fa15794356ce8..85a4a298ba4c2 100644 --- a/controller/cache/mocks/LiveStateCache.go +++ b/controller/cache/mocks/LiveStateCache.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.40.2. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks @@ -236,6 +236,24 @@ func (_m *LiveStateCache) IterateHierarchy(server string, key kube.ResourceKey, return r0 } +// IterateHierarchyV2 provides a mock function with given fields: server, keys, action +func (_m *LiveStateCache) IterateHierarchyV2(server string, keys []kube.ResourceKey, action func(v1alpha1.ResourceNode, string) bool) error { + ret := _m.Called(server, keys, action) + + if len(ret) == 0 { + panic("no return value specified for IterateHierarchyV2") + } + + var r0 error + if rf, ok := ret.Get(0).(func(string, []kube.ResourceKey, func(v1alpha1.ResourceNode, string) bool) error); ok { + r0 = rf(server, keys, action) + } else { + r0 = ret.Error(0) + } + + return r0 +} + // IterateResources provides a mock function with given fields: server, callback func (_m *LiveStateCache) IterateResources(server string, callback func(*cache.Resource, *controllercache.ResourceInfo)) error { ret := _m.Called(server, callback) diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index 3e7e70ae05da5..a9df75aff8015 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -6,7 +6,7 @@ import ( "fmt" "net/http" "os" - "regexp" + "slices" "strconv" "time" @@ -22,6 +22,7 @@ import ( applister "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/healthz" + metricsutil "github.com/argoproj/argo-cd/v2/util/metrics" "github.com/argoproj/argo-cd/v2/util/profile" ctrl_metrics "sigs.k8s.io/controller-runtime/pkg/metrics" @@ -54,7 +55,8 @@ const ( var ( descAppDefaultLabels = []string{"namespace", "name", "project"} - descAppLabels *prometheus.Desc + descAppLabels *prometheus.Desc + descAppConditions *prometheus.Desc descAppInfo = prometheus.NewDesc( "argocd_app_info", @@ -62,6 +64,7 @@ var ( append(descAppDefaultLabels, "autosync_enabled", "repo", "dest_server", "dest_namespace", "sync_status", "health_status", "operation"), nil, ) + // Deprecated descAppCreated = prometheus.NewDesc( "argocd_app_created_time", @@ -144,14 +147,14 @@ var ( ) // NewMetricsServer returns a new prometheus server which collects application metrics -func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFilter func(obj interface{}) bool, healthCheck func(r *http.Request) error, appLabels []string) (*MetricsServer, error) { +func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFilter func(obj interface{}) bool, healthCheck func(r *http.Request) error, appLabels []string, appConditions []string) (*MetricsServer, error) { hostname, err := os.Hostname() if err != nil { return nil, err } if len(appLabels) > 0 { - normalizedLabels := normalizeLabels("label", appLabels) + normalizedLabels := metricsutil.NormalizeLabels("label", appLabels) descAppLabels = prometheus.NewDesc( "argocd_app_labels", "Argo Application labels converted to Prometheus labels", @@ -160,8 +163,17 @@ func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFil ) } + if len(appConditions) > 0 { + descAppConditions = prometheus.NewDesc( + "argocd_app_condition", + "Report application conditions.", + append(descAppDefaultLabels, "condition"), + nil, + ) + } + mux := http.NewServeMux() - registry := NewAppRegistry(appLister, appFilter, appLabels) + registry := NewAppRegistry(appLister, appFilter, appLabels, appConditions) mux.Handle(MetricsPath, promhttp.HandlerFor(prometheus.Gatherers{ // contains app controller specific metrics @@ -203,20 +215,6 @@ func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFil }, nil } -// Prometheus invalid labels, more info: https://prometheus.io/docs/concepts/data_model/#metric-names-and-labels. -var invalidPromLabelChars = regexp.MustCompile(`[^a-zA-Z0-9_]`) - -func normalizeLabels(prefix string, appLabels []string) []string { - results := []string{} - for _, label := range appLabels { - // prometheus labels don't accept dash in their name - curr := invalidPromLabelChars.ReplaceAllString(label, "_") - result := fmt.Sprintf("%s_%s", prefix, curr) - results = append(results, result) - } - return results -} - func (m *MetricsServer) RegisterClustersInfoSource(ctx context.Context, source HasClustersInfo) { collector := &clusterCollector{infoSource: source} go collector.Run(ctx) @@ -307,24 +305,26 @@ func (m *MetricsServer) SetExpiration(cacheExpiration time.Duration) error { } type appCollector struct { - store applister.ApplicationLister - appFilter func(obj interface{}) bool - appLabels []string + store applister.ApplicationLister + appFilter func(obj interface{}) bool + appLabels []string + appConditions []string } // NewAppCollector returns a prometheus collector for application metrics -func NewAppCollector(appLister applister.ApplicationLister, appFilter func(obj interface{}) bool, appLabels []string) prometheus.Collector { +func NewAppCollector(appLister applister.ApplicationLister, appFilter func(obj interface{}) bool, appLabels []string, appConditions []string) prometheus.Collector { return &appCollector{ - store: appLister, - appFilter: appFilter, - appLabels: appLabels, + store: appLister, + appFilter: appFilter, + appLabels: appLabels, + appConditions: appConditions, } } // NewAppRegistry creates a new prometheus registry that collects applications -func NewAppRegistry(appLister applister.ApplicationLister, appFilter func(obj interface{}) bool, appLabels []string) *prometheus.Registry { +func NewAppRegistry(appLister applister.ApplicationLister, appFilter func(obj interface{}) bool, appLabels []string, appConditions []string) *prometheus.Registry { registry := prometheus.NewRegistry() - registry.MustRegister(NewAppCollector(appLister, appFilter, appLabels)) + registry.MustRegister(NewAppCollector(appLister, appFilter, appLabels, appConditions)) return registry } @@ -333,6 +333,9 @@ func (c *appCollector) Describe(ch chan<- *prometheus.Desc) { if len(c.appLabels) > 0 { ch <- descAppLabels } + if len(c.appConditions) > 0 { + ch <- descAppConditions + } ch <- descAppInfo ch <- descAppSyncStatusCode ch <- descAppHealthStatus @@ -397,6 +400,19 @@ func (c *appCollector) collectApps(ch chan<- prometheus.Metric, app *argoappv1.A addGauge(descAppLabels, 1, labelValues...) } + if len(c.appConditions) > 0 { + conditionCount := make(map[string]int) + for _, condition := range app.Status.Conditions { + if slices.Contains(c.appConditions, condition.Type) { + conditionCount[condition.Type]++ + } + } + + for conditionType, count := range conditionCount { + addGauge(descAppConditions, float64(count), conditionType) + } + } + // Deprecated controller metrics if os.Getenv(EnvVarLegacyControllerMetrics) == "true" { addGauge(descAppCreated, float64(app.CreationTimestamp.Unix())) diff --git a/controller/metrics/metrics_test.go b/controller/metrics/metrics_test.go index 28422be55f653..44a6524ed7d85 100644 --- a/controller/metrics/metrics_test.go +++ b/controller/metrics/metrics_test.go @@ -116,6 +116,41 @@ status: status: Degraded ` +const fakeApp4 = ` +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: my-app-4 + namespace: argocd + labels: + team-name: my-team + team-bu: bu-id + argoproj.io/cluster: test-cluster +spec: + destination: + namespace: dummy-namespace + server: https://localhost:6443 + project: important-project + source: + path: some/path + repoURL: https://github.com/argoproj/argocd-example-apps.git +status: + sync: + status: OutOfSync + health: + status: Degraded + conditions: + - lastTransitionTime: "2024-08-07T12:25:40Z" + message: Application has 1 orphaned resources + type: OrphanedResourceWarning + - lastTransitionTime: "2024-08-07T12:25:40Z" + message: Resource Pod standalone-pod is excluded in the settings + type: ExcludedResourceWarning + - lastTransitionTime: "2024-08-07T12:25:40Z" + message: Resource Endpoint raw-endpoint is excluded in the settings + type: ExcludedResourceWarning +` + const fakeDefaultApp = ` apiVersion: argoproj.io/v1alpha1 kind: Application @@ -179,7 +214,7 @@ func newFakeLister(fakeAppYAMLs ...string) (context.CancelFunc, applister.Applic func testApp(t *testing.T, fakeAppYAMLs []string, expectedResponse string) { t.Helper() - testMetricServer(t, fakeAppYAMLs, expectedResponse, []string{}) + testMetricServer(t, fakeAppYAMLs, expectedResponse, []string{}, []string{}) } type fakeClusterInfo struct { @@ -194,15 +229,17 @@ type TestMetricServerConfig struct { FakeAppYAMLs []string ExpectedResponse string AppLabels []string + AppConditions []string ClustersInfo []gitopsCache.ClusterInfo } -func testMetricServer(t *testing.T, fakeAppYAMLs []string, expectedResponse string, appLabels []string) { +func testMetricServer(t *testing.T, fakeAppYAMLs []string, expectedResponse string, appLabels []string, appConditions []string) { t.Helper() cfg := TestMetricServerConfig{ FakeAppYAMLs: fakeAppYAMLs, ExpectedResponse: expectedResponse, AppLabels: appLabels, + AppConditions: appConditions, ClustersInfo: []gitopsCache.ClusterInfo{}, } runTest(t, cfg) @@ -212,7 +249,7 @@ func runTest(t *testing.T, cfg TestMetricServerConfig) { t.Helper() cancel, appLister := newFakeLister(cfg.FakeAppYAMLs...) defer cancel() - metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, cfg.AppLabels) + metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, cfg.AppLabels, cfg.AppConditions) require.NoError(t, err) if len(cfg.ClustersInfo) > 0 { @@ -303,7 +340,61 @@ argocd_app_labels{label_non_existing="",name="my-app-3",namespace="argocd",proje for _, c := range cases { c := c t.Run(c.description, func(t *testing.T) { - testMetricServer(t, c.applications, c.responseContains, c.metricLabels) + testMetricServer(t, c.applications, c.responseContains, c.metricLabels, []string{}) + }) + } +} + +func TestMetricConditions(t *testing.T) { + type testCases struct { + testCombination + description string + metricConditions []string + } + cases := []testCases{ + { + description: "metric will only output OrphanedResourceWarning", + metricConditions: []string{"OrphanedResourceWarning"}, + testCombination: testCombination{ + applications: []string{fakeApp4}, + responseContains: ` +# HELP argocd_app_condition Report application conditions. +# TYPE argocd_app_condition gauge +argocd_app_condition{condition="OrphanedResourceWarning",name="my-app-4",namespace="argocd",project="important-project"} 1 +`, + }, + }, + { + description: "metric will only output ExcludedResourceWarning", + metricConditions: []string{"ExcludedResourceWarning"}, + testCombination: testCombination{ + applications: []string{fakeApp4}, + responseContains: ` +# HELP argocd_app_condition Report application conditions. +# TYPE argocd_app_condition gauge +argocd_app_condition{condition="ExcludedResourceWarning",name="my-app-4",namespace="argocd",project="important-project"} 2 +`, + }, + }, + { + description: "metric will only output both OrphanedResourceWarning and ExcludedResourceWarning", + metricConditions: []string{"ExcludedResourceWarning", "OrphanedResourceWarning"}, + testCombination: testCombination{ + applications: []string{fakeApp4}, + responseContains: ` +# HELP argocd_app_condition Report application conditions. +# TYPE argocd_app_condition gauge +argocd_app_condition{condition="OrphanedResourceWarning",name="my-app-4",namespace="argocd",project="important-project"} 1 +argocd_app_condition{condition="ExcludedResourceWarning",name="my-app-4",namespace="argocd",project="important-project"} 2 +`, + }, + }, + } + + for _, c := range cases { + c := c + t.Run(c.description, func(t *testing.T) { + testMetricServer(t, c.applications, c.responseContains, []string{}, c.metricConditions) }) } } @@ -335,7 +426,7 @@ argocd_app_sync_status{name="my-app",namespace="argocd",project="important-proje func TestMetricsSyncCounter(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() - metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) + metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}, []string{}) require.NoError(t, err) appSyncTotal := ` @@ -380,14 +471,14 @@ func assertMetricsNotPrinted(t *testing.T, expectedLines, body string) { if line == "" { continue } - assert.False(t, strings.Contains(body, expectedLines)) + assert.NotContains(t, body, expectedLines) } } func TestReconcileMetrics(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() - metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) + metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}, []string{}) require.NoError(t, err) appReconcileMetrics := ` @@ -420,7 +511,7 @@ argocd_app_reconcile_count{dest_server="https://localhost:6443",namespace="argoc func TestMetricsReset(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() - metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) + metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}, []string{}) require.NoError(t, err) appSyncTotal := ` @@ -457,23 +548,23 @@ argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespa func TestWorkqueueMetrics(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() - metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) + metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}, []string{}) require.NoError(t, err) expectedMetrics := ` # TYPE workqueue_adds_total counter -workqueue_adds_total{name="test"} +workqueue_adds_total{controller="test",name="test"} # TYPE workqueue_depth gauge -workqueue_depth{name="test"} +workqueue_depth{controller="test",name="test"} # TYPE workqueue_longest_running_processor_seconds gauge -workqueue_longest_running_processor_seconds{name="test"} +workqueue_longest_running_processor_seconds{controller="test",name="test"} # TYPE workqueue_queue_duration_seconds histogram # TYPE workqueue_unfinished_work_seconds gauge -workqueue_unfinished_work_seconds{name="test"} +workqueue_unfinished_work_seconds{controller="test",name="test"} # TYPE workqueue_work_duration_seconds histogram ` @@ -492,7 +583,7 @@ workqueue_unfinished_work_seconds{name="test"} func TestGoMetrics(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() - metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) + metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}, []string{}) require.NoError(t, err) expectedMetrics := ` diff --git a/controller/state.go b/controller/state.go index a6e4add80c6ef..f839e24503671 100644 --- a/controller/state.go +++ b/controller/state.go @@ -161,6 +161,11 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp return nil, nil, false, fmt.Errorf("failed to get Helm settings: %w", err) } + installationID, err := m.settingsMgr.GetInstallationID() + if err != nil { + return nil, nil, false, fmt.Errorf("failed to get installation ID: %w", err) + } + ts.AddCheckpoint("build_options_ms") serverVersion, apiResources, err := m.liveStateCache.GetVersionsInfo(app.Spec.Destination.Server) if err != nil { @@ -195,7 +200,6 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp if len(revisions) < len(sources) || revisions[i] == "" { revisions[i] = source.TargetRevision } - ts.AddCheckpoint("helm_ms") repo, err := m.db.GetRepository(context.Background(), source.RepoURL, proj.Name) if err != nil { return nil, nil, false, fmt.Errorf("failed to get repo %q: %w", source.RepoURL, err) @@ -233,28 +237,25 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp TrackingMethod: string(argo.GetTrackingMethod(m.settingsMgr)), RefSources: refSources, HasMultipleSources: app.Spec.HasMultipleSources(), + InstallationID: installationID, }) if err != nil { - logCtx.Warnf("failed to compare revisions for source %d of %d: %v", i+1, len(sources), err) + return nil, nil, false, fmt.Errorf("failed to compare revisions for source %d of %d: %w", i+1, len(sources), err) + } + if updateRevisionResult.Changes { + revisionUpdated = true } - if updateRevisionResult != nil { - if updateRevisionResult.Changes { - revisionUpdated = true - } - - // Generate manifests should use same revision as updateRevisionForPaths, because HEAD revision may be different between these two calls - if updateRevisionResult.Revision != "" { - revision = updateRevisionResult.Revision - } + // Generate manifests should use same revision as updateRevisionForPaths, because HEAD revision may be different between these two calls + if updateRevisionResult.Revision != "" { + revision = updateRevisionResult.Revision } } else { // revisionUpdated is set to true if at least one revision is not possible to be updated, atLeastOneRevisionIsNotPossibleToBeUpdated = true } - ts.AddCheckpoint("version_ms") - log.WithField("application", app.Name).Debugf("Generating Manifest for source %s revision %s, cache %t, revisionCache %t", source, revisions[i], !noCache, noRevisionCache) + log.Debugf("Generating Manifest for source %s revision %s", source, revision) manifestInfo, err := repoClient.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ Repo: repo, Repos: permittedHelmRepos, @@ -277,6 +278,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp RefSources: refSources, ProjectName: proj.Name, ProjectSourceRepos: proj.Spec.SourceRepos, + InstallationID: installationID, ApplicationMetadata: &app.ObjectMeta, }) if err != nil { @@ -291,8 +293,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp manifestInfos = append(manifestInfos, manifestInfo) } - ts.AddCheckpoint("unmarshal_ms") - + ts.AddCheckpoint("manifests_ms") for k, v := range ts.Timings() { logCtx = logCtx.WithField(k, v.Milliseconds()) } @@ -361,20 +362,24 @@ func DeduplicateTargetObjects( // getComparisonSettings will return the system level settings related to the // diff/normalization process. -func (m *appStateManager) getComparisonSettings() (string, map[string]v1alpha1.ResourceOverride, *settings.ResourcesFilter, error) { +func (m *appStateManager) getComparisonSettings() (string, map[string]v1alpha1.ResourceOverride, *settings.ResourcesFilter, string, error) { resourceOverrides, err := m.settingsMgr.GetResourceOverrides() if err != nil { - return "", nil, nil, err + return "", nil, nil, "", err } appLabelKey, err := m.settingsMgr.GetAppInstanceLabelKey() if err != nil { - return "", nil, nil, err + return "", nil, nil, "", err } resFilter, err := m.settingsMgr.GetResourcesFilter() if err != nil { - return "", nil, nil, err + return "", nil, nil, "", err } - return appLabelKey, resourceOverrides, resFilter, nil + installationID, err := m.settingsMgr.GetInstallationID() + if err != nil { + return "", nil, nil, "", err + } + return appLabelKey, resourceOverrides, resFilter, installationID, nil } // verifyGnuPGSignature verifies the result of a GnuPG operation for a given git @@ -425,7 +430,7 @@ func isManagedNamespace(ns *unstructured.Unstructured, app *v1alpha1.Application // revision and overrides in the app spec. func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool, rollback bool) (*comparisonResult, error) { ts := stats.NewTimingStats() - appLabelKey, resourceOverrides, resFilter, err := m.getComparisonSettings() + appLabelKey, resourceOverrides, resFilter, installationID, err := m.getComparisonSettings() ts.AddCheckpoint("settings_ms") @@ -454,7 +459,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 // When signature keys are defined in the project spec, we need to verify the signature on the Git revision verifySignature := false - if project.Spec.SignatureKeys != nil && len(project.Spec.SignatureKeys) > 0 && gpg.IsGPGEnabled() { + if len(project.Spec.SignatureKeys) > 0 && gpg.IsGPGEnabled() { verifySignature = true } @@ -595,7 +600,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 for _, liveObj := range liveObjByKey { if liveObj != nil { - appInstanceName := m.resourceTracking.GetAppName(liveObj, appLabelKey, trackingMethod) + appInstanceName := m.resourceTracking.GetAppName(liveObj, appLabelKey, trackingMethod, installationID) if appInstanceName != "" && appInstanceName != app.InstanceName(m.namespace) { fqInstanceName := strings.ReplaceAll(appInstanceName, "_", "/") conditions = append(conditions, v1alpha1.ApplicationCondition{ @@ -627,7 +632,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } // No need to care about the return value here, we just want the modified managedNs - _, err = syncNamespace(m.resourceTracking, appLabelKey, trackingMethod, app.Name, app.Spec.SyncPolicy)(managedNs, liveObj) + _, err = syncNamespace(app.Spec.SyncPolicy)(managedNs, liveObj) if err != nil { conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) failedToLoadObjs = true @@ -740,7 +745,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } gvk := obj.GroupVersionKind() - isSelfReferencedObj := m.isSelfReferencedObj(liveObj, targetObj, app.GetName(), appLabelKey, trackingMethod) + isSelfReferencedObj := m.isSelfReferencedObj(liveObj, targetObj, app.GetName(), appLabelKey, trackingMethod, installationID) resState := v1alpha1.ResourceStatus{ Namespace: obj.GetNamespace(), @@ -952,9 +957,7 @@ func useDiffCache(noCache bool, manifestInfos []*apiclient.ManifestResponse, sou return false } - currentSpec := app.BuildComparedToStatus() - specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, currentSpec) - if specChanged { + if !specEqualsCompareTo(app.Spec, app.Status.Sync.ComparedTo) { log.WithField("useDiffCache", "false").Debug("specChanged") return false } @@ -963,6 +966,29 @@ func useDiffCache(noCache bool, manifestInfos []*apiclient.ManifestResponse, sou return true } +// specEqualsCompareTo compares the application spec to the comparedTo status. It normalizes the destination to match +// the comparedTo destination before comparing. It does not mutate the original spec or comparedTo. +func specEqualsCompareTo(spec v1alpha1.ApplicationSpec, comparedTo v1alpha1.ComparedTo) bool { + // Make a copy to be sure we don't mutate the original. + specCopy := spec.DeepCopy() + currentSpec := specCopy.BuildComparedToStatus() + + // The spec might have been augmented to include both server and name, so change it to match the comparedTo before + // comparing. + if comparedTo.Destination.Server == "" { + currentSpec.Destination.Server = "" + } + if comparedTo.Destination.Name == "" { + currentSpec.Destination.Name = "" + } + + // Set IsServerInferred to false on both, because that field is not important for comparison. + comparedTo.Destination.SetIsServerInferred(false) + currentSpec.Destination.SetIsServerInferred(false) + + return reflect.DeepEqual(comparedTo, currentSpec) +} + func (m *appStateManager) persistRevisionHistory( app *v1alpha1.Application, revision string, @@ -1057,7 +1083,7 @@ func NewAppStateManager( // group and kind) match the properties of the live object, or if the tracking method // used does not provide the required properties for matching. // Reference: https://github.com/argoproj/argo-cd/issues/8683 -func (m *appStateManager) isSelfReferencedObj(live, config *unstructured.Unstructured, appName, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool { +func (m *appStateManager) isSelfReferencedObj(live, config *unstructured.Unstructured, appName, appLabelKey string, trackingMethod v1alpha1.TrackingMethod, installationID string) bool { if live == nil { return true } @@ -1090,7 +1116,7 @@ func (m *appStateManager) isSelfReferencedObj(live, config *unstructured.Unstruc // to match the properties from the live object. Cluster scoped objects // carry the app's destination namespace in the tracking annotation, // but are unique in GVK + name combination. - appInstance := m.resourceTracking.GetAppInstance(live, appLabelKey, trackingMethod) + appInstance := m.resourceTracking.GetAppInstance(live, appLabelKey, trackingMethod, installationID) if appInstance != nil { return isSelfReferencedObj(live, *appInstance) } diff --git a/controller/state_test.go b/controller/state_test.go index 72de49fd656dd..0294070c56e37 100644 --- a/controller/state_test.go +++ b/controller/state_test.go @@ -1398,8 +1398,8 @@ func TestIsLiveResourceManaged(t *testing.T) { configObj := managedObj.DeepCopy() // then - assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel, "")) + assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation, "")) }) t.Run("will return true if tracked with label", func(t *testing.T) { // given @@ -1407,43 +1407,43 @@ func TestIsLiveResourceManaged(t *testing.T) { configObj := managedObjWithLabel.DeepCopy() // then - assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) + assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel, "")) }) t.Run("will handle if trackingId has wrong resource name and config is nil", func(t *testing.T) { // given t.Parallel() // then - assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel, "")) + assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation, "")) }) t.Run("will handle if trackingId has wrong resource group and config is nil", func(t *testing.T) { // given t.Parallel() // then - assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel, "")) + assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation, "")) }) t.Run("will handle if trackingId has wrong kind and config is nil", func(t *testing.T) { // given t.Parallel() // then - assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel, "")) + assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation, "")) }) t.Run("will handle if trackingId has wrong namespace and config is nil", func(t *testing.T) { // given t.Parallel() // then - assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel)) - assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel)) + assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel, "")) + assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel, "")) }) t.Run("will return true if live is nil", func(t *testing.T) { t.Parallel() - assert.True(t, manager.isSelfReferencedObj(nil, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + assert.True(t, manager.isSelfReferencedObj(nil, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation, "")) }) t.Run("will handle upgrade in desired state APIGroup", func(t *testing.T) { @@ -1453,11 +1453,13 @@ func TestIsLiveResourceManaged(t *testing.T) { delete(config.GetAnnotations(), common.AnnotationKeyAppInstance) // then - assert.True(t, manager.isSelfReferencedObj(managedWrongAPIGroup, config, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation)) + assert.True(t, manager.isSelfReferencedObj(managedWrongAPIGroup, config, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation, "")) }) } func TestUseDiffCache(t *testing.T) { + t.Parallel() + type fixture struct { testName string noCache bool @@ -1553,6 +1555,10 @@ func TestUseDiffCache(t *testing.T) { t.Fatalf("error merging app: %s", err) } } + if app.Spec.Destination.Name != "" && app.Spec.Destination.Server != "" { + // Simulate the controller's process for populating both of these fields. + app.Spec.Destination.SetInferredServer(app.Spec.Destination.Server) + } return app } @@ -1718,6 +1724,44 @@ func TestUseDiffCache(t *testing.T) { expectedUseCache: false, serverSideDiff: false, }, + { + // There are code paths that modify the ApplicationSpec and augment the destination field with both the + // destination server and name. Since both fields are populated in the app spec but not in the comparedTo, + // we need to make sure we correctly compare the fields and don't miss the cache. + testName: "will return true if the app spec destination contains both server and name, but otherwise matches comparedTo", + noCache: false, + manifestInfos: manifestInfos("rev1"), + sources: sources(), + app: app("httpbin", "rev1", false, &argoappv1.Application{ + Spec: argoappv1.ApplicationSpec{ + Destination: argoappv1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Name: "httpbin", + Namespace: "httpbin", + }, + }, + Status: argoappv1.ApplicationStatus{ + Resources: []argoappv1.ResourceStatus{}, + Sync: argoappv1.SyncStatus{ + Status: argoappv1.SyncStatusCodeSynced, + ComparedTo: argoappv1.ComparedTo{ + Destination: argoappv1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "httpbin", + }, + }, + Revision: "rev1", + }, + ReconciledAt: &metav1.Time{ + Time: time.Now().Add(-time.Hour), + }, + }, + }), + manifestRevisions: []string{"rev1"}, + statusRefreshTimeout: time.Hour * 24, + expectedUseCache: true, + serverSideDiff: true, + }, } for _, tc := range cases { diff --git a/controller/sync.go b/controller/sync.go index afcf0eaf832fb..5d102f30e6af5 100644 --- a/controller/sync.go +++ b/controller/sync.go @@ -6,6 +6,7 @@ import ( "fmt" "os" "strconv" + "strings" "sync/atomic" "time" @@ -23,6 +24,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/managedfields" "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" "k8s.io/kubectl/pkg/util/openapi" "github.com/argoproj/argo-cd/v2/controller/metrics" @@ -30,6 +32,7 @@ import ( listersv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/argo/diff" + "github.com/argoproj/argo-cd/v2/util/glob" logutils "github.com/argoproj/argo-cd/v2/util/log" "github.com/argoproj/argo-cd/v2/util/lua" "github.com/argoproj/argo-cd/v2/util/rand" @@ -41,6 +44,10 @@ const ( // EnvVarSyncWaveDelay is an environment variable which controls the delay in seconds between // each sync-wave EnvVarSyncWaveDelay = "ARGOCD_SYNC_WAVE_DELAY" + + // serviceAccountDisallowedCharSet contains the characters that are not allowed to be present + // in a DefaultServiceAccount configured for a DestinationServiceAccount + serviceAccountDisallowedCharSet = "!*[]{}\\/" ) func (m *appStateManager) getOpenAPISchema(server string) (openapi.Resources, error) { @@ -171,12 +178,18 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha state.Phase = common.OperationError state.Message = fmt.Sprintf("Failed to load application project: %v", err) return - } else if syncWindowPreventsSync(app, proj) { - // If the operation is currently running, simply let the user know the sync is blocked by a current sync window - if state.Phase == common.OperationRunning { - state.Message = "Sync operation blocked by sync window" + } else { + isBlocked, err := syncWindowPreventsSync(app, proj) + if isBlocked { + // If the operation is currently running, simply let the user know the sync is blocked by a current sync window + if state.Phase == common.OperationRunning { + state.Message = "Sync operation blocked by sync window" + if err != nil { + state.Message = fmt.Sprintf("%s: %v", state.Message, err) + } + } + return } - return } if !isMultiSourceRevision { @@ -286,8 +299,35 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha log.Errorf("Could not get appInstanceLabelKey: %v", err) return } + installationID, err := m.settingsMgr.GetInstallationID() + if err != nil { + log.Errorf("Could not get installation ID: %v", err) + return + } trackingMethod := argo.GetTrackingMethod(m.settingsMgr) + impersonationEnabled, err := m.settingsMgr.IsImpersonationEnabled() + if err != nil { + log.Errorf("could not get impersonation feature flag: %v", err) + return + } + if impersonationEnabled { + serviceAccountToImpersonate, err := deriveServiceAccountToImpersonate(proj, app) + if err != nil { + state.Phase = common.OperationError + state.Message = fmt.Sprintf("failed to find a matching service account to impersonate: %v", err) + return + } + logEntry = logEntry.WithFields(log.Fields{"impersonationEnabled": "true", "serviceAccount": serviceAccountToImpersonate}) + // set the impersonation headers. + rawConfig.Impersonate = rest.ImpersonationConfig{ + UserName: serviceAccountToImpersonate, + } + restConfig.Impersonate = rest.ImpersonationConfig{ + UserName: serviceAccountToImpersonate, + } + } + opts := []sync.SyncOpt{ sync.WithLogr(logutils.NewLogrusLogger(logEntry)), sync.WithHealthOverride(lua.ResourceHealthOverrides(resourceOverrides)), @@ -315,7 +355,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha return (len(syncOp.Resources) == 0 || isPostDeleteHook(target) || argo.ContainsSyncResource(key.Name, key.Namespace, schema.GroupVersionKind{Kind: key.Kind, Group: key.Group}, syncOp.Resources)) && - m.isSelfReferencedObj(live, target, app.GetName(), appLabelKey, trackingMethod) + m.isSelfReferencedObj(live, target, app.GetName(), appLabelKey, trackingMethod, installationID) }), sync.WithManifestValidation(!syncOp.SyncOptions.HasOption(common.SyncOptionsDisableValidation)), sync.WithSyncWaveHook(delayBetweenSyncWaves), @@ -328,7 +368,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha } if syncOp.SyncOptions.HasOption("CreateNamespace=true") { - opts = append(opts, sync.WithNamespaceModifier(syncNamespace(m.resourceTracking, appLabelKey, trackingMethod, app.Name, app.Spec.SyncPolicy))) + opts = append(opts, sync.WithNamespaceModifier(syncNamespace(app.Spec.SyncPolicy))) } syncCtx, cleanup, err := sync.NewSyncContext( @@ -533,11 +573,52 @@ func delayBetweenSyncWaves(phase common.SyncPhase, wave int, finalWave bool) err return nil } -func syncWindowPreventsSync(app *v1alpha1.Application, proj *v1alpha1.AppProject) bool { +func syncWindowPreventsSync(app *v1alpha1.Application, proj *v1alpha1.AppProject) (bool, error) { window := proj.Spec.SyncWindows.Matches(app) isManual := false if app.Status.OperationState != nil { isManual = !app.Status.OperationState.Operation.InitiatedBy.Automated } - return !window.CanSync(isManual) + canSync, err := window.CanSync(isManual) + if err != nil { + // prevents sync because sync window has an error + return true, err + } + return !canSync, nil +} + +// deriveServiceAccountToImpersonate determines the service account to be used for impersonation for the sync operation. +// The returned service account will be fully qualified including namespace and the service account name in the format system:serviceaccount:: +func deriveServiceAccountToImpersonate(project *v1alpha1.AppProject, application *v1alpha1.Application) (string, error) { + // spec.Destination.Namespace is optional. If not specified, use the Application's + // namespace + serviceAccountNamespace := application.Spec.Destination.Namespace + if serviceAccountNamespace == "" { + serviceAccountNamespace = application.Namespace + } + // Loop through the destinationServiceAccounts and see if there is any destination that is a candidate. + // if so, return the service account specified for that destination. + for _, item := range project.Spec.DestinationServiceAccounts { + dstServerMatched, err := glob.MatchWithError(item.Server, application.Spec.Destination.Server) + if err != nil { + return "", fmt.Errorf("invalid glob pattern for destination server: %w", err) + } + dstNamespaceMatched, err := glob.MatchWithError(item.Namespace, application.Spec.Destination.Namespace) + if err != nil { + return "", fmt.Errorf("invalid glob pattern for destination namespace: %w", err) + } + if dstServerMatched && dstNamespaceMatched { + if strings.Trim(item.DefaultServiceAccount, " ") == "" || strings.ContainsAny(item.DefaultServiceAccount, serviceAccountDisallowedCharSet) { + return "", fmt.Errorf("default service account contains invalid chars '%s'", item.DefaultServiceAccount) + } else if strings.Contains(item.DefaultServiceAccount, ":") { + // service account is specified along with its namespace. + return fmt.Sprintf("system:serviceaccount:%s", item.DefaultServiceAccount), nil + } else { + // service account needs to be prefixed with a namespace + return fmt.Sprintf("system:serviceaccount:%s:%s", serviceAccountNamespace, item.DefaultServiceAccount), nil + } + } + } + // if there is no match found in the AppProject.Spec.DestinationServiceAccounts, use the default service account of the destination namespace. + return "", fmt.Errorf("no matching service account found for destination server %s and namespace %s", application.Spec.Destination.Server, serviceAccountNamespace) } diff --git a/controller/sync_namespace.go b/controller/sync_namespace.go index 9578dc8651322..43e0dc6170f48 100644 --- a/controller/sync_namespace.go +++ b/controller/sync_namespace.go @@ -5,12 +5,11 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/v2/util/argo" ) // syncNamespace determine if Argo CD should create and/or manage the namespace // where the application will be deployed. -func syncNamespace(resourceTracking argo.ResourceTracking, appLabelKey string, trackingMethod v1alpha1.TrackingMethod, appName string, syncPolicy *v1alpha1.SyncPolicy) func(m, l *unstructured.Unstructured) (bool, error) { +func syncNamespace(syncPolicy *v1alpha1.SyncPolicy) func(m *unstructured.Unstructured, l *unstructured.Unstructured) (bool, error) { // This function must return true for the managed namespace to be synced. return func(managedNs, liveNs *unstructured.Unstructured) (bool, error) { if managedNs == nil { diff --git a/controller/sync_namespace_test.go b/controller/sync_namespace_test.go index 7e60b0d287789..0124d99532b91 100644 --- a/controller/sync_namespace_test.go +++ b/controller/sync_namespace_test.go @@ -8,9 +8,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/types" - "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/v2/util/argo" ) func createFakeNamespace(uid string, resourceVersion string, labels map[string]string, annotations map[string]string) *unstructured.Unstructured { @@ -250,7 +248,7 @@ func Test_shouldNamespaceSync(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - actual, err := syncNamespace(argo.NewResourceTracking(), common.LabelKeyAppInstance, argo.TrackingMethodAnnotation, "some-app", tt.syncPolicy)(tt.managedNs, tt.liveNs) + actual, err := syncNamespace(tt.syncPolicy)(tt.managedNs, tt.liveNs) require.NoError(t, err) if tt.managedNs != nil { diff --git a/controller/sync_test.go b/controller/sync_test.go index 756498d785974..51670e5c5fb1b 100644 --- a/controller/sync_test.go +++ b/controller/sync_test.go @@ -2,6 +2,7 @@ package controller import ( "context" + "strconv" "testing" "github.com/argoproj/gitops-engine/pkg/sync" @@ -9,6 +10,7 @@ import ( "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" @@ -644,6 +646,771 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { }) } +func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) { + type fixture struct { + project *v1alpha1.AppProject + application *v1alpha1.Application + } + + setup := func(destinationServiceAccounts []v1alpha1.ApplicationDestinationServiceAccount, destinationNamespace, destinationServerURL, applicationNamespace string) *fixture { + project := &v1alpha1.AppProject{ + ObjectMeta: v1.ObjectMeta{ + Namespace: "argocd-ns", + Name: "testProj", + }, + Spec: v1alpha1.AppProjectSpec{ + DestinationServiceAccounts: destinationServiceAccounts, + }, + } + app := &v1alpha1.Application{ + ObjectMeta: v1.ObjectMeta{ + Namespace: applicationNamespace, + Name: "testApp", + }, + Spec: v1alpha1.ApplicationSpec{ + Project: "testProj", + Destination: v1alpha1.ApplicationDestination{ + Server: destinationServerURL, + Namespace: destinationNamespace, + }, + }, + } + return &fixture{ + project: project, + application: app, + } + } + + t.Run("empty destination service accounts", func(t *testing.T) { + // given an application referring a project with no destination service accounts + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{} + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "" + expectedErrMsg := "no matching service account found for destination server https://kubernetes.svc.local and namespace testns" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + assert.Equal(t, expectedSA, sa) + + // then, there should be an error saying no valid match was found + assert.EqualError(t, err, expectedErrMsg) + }) + + t.Run("exact match of destination namespace", func(t *testing.T) { + // given an application referring a project with exactly one destination service account that matches the application destination, + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should be no error and should use the right service account for impersonation + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("exact one match with multiple destination service accounts", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts having one exact match for application destination + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "guestbook", + DefaultServiceAccount: "guestbook-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "guestbook-test", + DefaultServiceAccount: "guestbook-test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should be no error and should use the right service account for impersonation + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("first match to be used when multiple matches are available", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts having multiple match for application destination + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa-2", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa-3", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "guestbook", + DefaultServiceAccount: "guestbook-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should be no error and it should use the first matching service account for impersonation + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("first match to be used when glob pattern is used", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts with glob patterns matching the application destination + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "test*", + DefaultServiceAccount: "test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa-2", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should not be any error and should use the first matching glob pattern service account for impersonation + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("no match among a valid list", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts with no matches for application destination + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "test1", + DefaultServiceAccount: "test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "test2", + DefaultServiceAccount: "test-sa-2", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "" + expectedErrMsg := "no matching service account found for destination server https://kubernetes.svc.local and namespace testns" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should be an error saying no match was found + require.EqualError(t, err, expectedErrMsg) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("app destination namespace is empty", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts with empty application destination namespace + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + DefaultServiceAccount: "test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "*", + DefaultServiceAccount: "test-sa-2", + }, + } + destinationNamespace := "" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:argocd-ns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should not be any error and the service account configured for with empty namespace should be used. + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("match done via catch all glob pattern", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts having a catch all glob pattern + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "testns1", + DefaultServiceAccount: "test-sa-2", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "*", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should not be any error and the catch all service account should be returned + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("match done via invalid glob pattern", func(t *testing.T) { + // given an application referring a project with a destination service account having an invalid glob pattern for namespace + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "e[[a*", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there must be an error as the glob pattern is invalid. + require.ErrorContains(t, err, "invalid glob pattern for destination namespace") + assert.Equal(t, expectedSA, sa) + }) + + t.Run("sa specified with a namespace", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts having a matching service account specified with its namespace + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "myns:test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "*", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:myns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + assert.Equal(t, expectedSA, sa) + + // then, there should not be any error and the service account with its namespace should be returned. + require.NoError(t, err) + }) +} + +func TestDeriveServiceAccountMatchingServers(t *testing.T) { + type fixture struct { + project *v1alpha1.AppProject + application *v1alpha1.Application + } + + setup := func(destinationServiceAccounts []v1alpha1.ApplicationDestinationServiceAccount, destinationNamespace, destinationServerURL, applicationNamespace string) *fixture { + project := &v1alpha1.AppProject{ + ObjectMeta: v1.ObjectMeta{ + Namespace: "argocd-ns", + Name: "testProj", + }, + Spec: v1alpha1.AppProjectSpec{ + DestinationServiceAccounts: destinationServiceAccounts, + }, + } + app := &v1alpha1.Application{ + ObjectMeta: v1.ObjectMeta{ + Namespace: applicationNamespace, + Name: "testApp", + }, + Spec: v1alpha1.ApplicationSpec{ + Project: "testProj", + Destination: v1alpha1.ApplicationDestination{ + Server: destinationServerURL, + Namespace: destinationNamespace, + }, + }, + } + return &fixture{ + project: project, + application: app, + } + } + + t.Run("exact one match with multiple destination service accounts", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts and one exact match for application destination + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "guestbook", + DefaultServiceAccount: "guestbook-sa", + }, + { + Server: "https://abc.svc.local", + Namespace: "guestbook", + DefaultServiceAccount: "guestbook-test-sa", + }, + { + Server: "https://cde.svc.local", + Namespace: "guestbook", + DefaultServiceAccount: "default-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should not be any error and the right service account must be returned. + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("first match to be used when multiple matches are available", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts and multiple matches for application destination + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa-2", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "guestbook", + DefaultServiceAccount: "guestbook-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should not be any error and first matching service account should be used + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("first match to be used when glob pattern is used", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts with a matching glob pattern and exact match + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "test*", + DefaultServiceAccount: "test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa-2", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + assert.Equal(t, expectedSA, sa) + + // then, there should not be any error and the service account of the glob pattern, being the first match should be returned. + require.NoError(t, err) + }) + + t.Run("no match among a valid list", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts with no match + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa", + }, + { + Server: "https://abc.svc.local", + Namespace: "testns", + DefaultServiceAccount: "test-sa-2", + }, + { + Server: "https://cde.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://xyz.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "" + expectedErr := "no matching service account found for destination server https://xyz.svc.local and namespace testns" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there an error with appropriate message must be returned + require.EqualError(t, err, expectedErr) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("match done via catch all glob pattern", func(t *testing.T) { + // given an application referring a project with multiple destination service accounts with matching catch all glob pattern + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://kubernetes.svc.local", + Namespace: "testns1", + DefaultServiceAccount: "test-sa-2", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + { + Server: "*", + Namespace: "*", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://localhost:6443" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:testns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should not be any error and the service account of the glob pattern match must be returned. + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) + + t.Run("match done via invalid glob pattern", func(t *testing.T) { + // given an application referring a project with a destination service account having an invalid glob pattern for server + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "e[[a*", + Namespace: "test-ns", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://kubernetes.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there must be an error as the glob pattern is invalid. + require.ErrorContains(t, err, "invalid glob pattern for destination server") + assert.Equal(t, expectedSA, sa) + }) + + t.Run("sa specified with a namespace", func(t *testing.T) { + // given app sync impersonation feature is enabled and matching service account is prefixed with a namespace + t.Parallel() + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "https://abc.svc.local", + Namespace: "testns", + DefaultServiceAccount: "myns:test-sa", + }, + { + Server: "https://kubernetes.svc.local", + Namespace: "default", + DefaultServiceAccount: "default-sa", + }, + { + Server: "*", + Namespace: "*", + DefaultServiceAccount: "test-sa", + }, + } + destinationNamespace := "testns" + destinationServerURL := "https://abc.svc.local" + applicationNamespace := "argocd-ns" + expectedSA := "system:serviceaccount:myns:test-sa" + + f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace) + // when + sa, err := deriveServiceAccountToImpersonate(f.project, f.application) + + // then, there should not be any error and the service account with the given namespace prefix must be returned. + require.NoError(t, err) + assert.Equal(t, expectedSA, sa) + }) +} + +func TestSyncWithImpersonate(t *testing.T) { + type fixture struct { + project *v1alpha1.AppProject + application *v1alpha1.Application + controller *ApplicationController + } + + setup := func(impersonationEnabled bool, destinationNamespace, serviceAccountName string) *fixture { + app := newFakeApp() + app.Status.OperationState = nil + app.Status.History = nil + project := &v1alpha1.AppProject{ + ObjectMeta: v1.ObjectMeta{ + Namespace: test.FakeArgoCDNamespace, + Name: "default", + }, + Spec: v1alpha1.AppProjectSpec{ + DestinationServiceAccounts: []v1alpha1. + ApplicationDestinationServiceAccount{ + { + Server: "https://localhost:6443", + Namespace: destinationNamespace, + DefaultServiceAccount: serviceAccountName, + }, + }, + }, + } + additionalObjs := []runtime.Object{} + if serviceAccountName != "" { + syncServiceAccount := &corev1.ServiceAccount{ + ObjectMeta: v1.ObjectMeta{ + Name: serviceAccountName, + Namespace: test.FakeDestNamespace, + }, + } + additionalObjs = append(additionalObjs, syncServiceAccount) + } + data := fakeData{ + apps: []runtime.Object{app, project}, + manifestResponse: &apiclient.ManifestResponse{ + Manifests: []*apiclient.Manifest{}, + Namespace: test.FakeDestNamespace, + Server: "https://localhost:6443", + Revision: "abc123", + }, + managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{}, + configMapData: map[string]string{ + "application.sync.impersonation.enabled": strconv.FormatBool(impersonationEnabled), + }, + additionalObjs: additionalObjs, + } + ctrl := newFakeController(&data, nil) + return &fixture{ + project: project, + application: app, + controller: ctrl, + } + } + + t.Run("sync with impersonation and no matching service account", func(t *testing.T) { + // given app sync impersonation feature is enabled with an application referring a project no matching service account + f := setup(true, test.FakeArgoCDNamespace, "") + opMessage := "failed to find a matching service account to impersonate: no matching service account found for destination server https://localhost:6443 and namespace fake-dest-ns" + + opState := &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Source: &v1alpha1.ApplicationSource{}, + }, + }, + Phase: common.OperationRunning, + } + // when + f.controller.appStateManager.SyncAppState(f.application, opState) + + // then, app sync should fail with expected error message in operation state + assert.Equal(t, common.OperationError, opState.Phase) + assert.Contains(t, opState.Message, opMessage) + }) + + t.Run("sync with impersonation and empty service account match", func(t *testing.T) { + // given app sync impersonation feature is enabled with an application referring a project matching service account that is an empty string + f := setup(true, test.FakeDestNamespace, "") + opMessage := "failed to find a matching service account to impersonate: default service account contains invalid chars ''" + + opState := &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Source: &v1alpha1.ApplicationSource{}, + }, + }, + Phase: common.OperationRunning, + } + // when + f.controller.appStateManager.SyncAppState(f.application, opState) + + // then app sync should fail with expected error message in operation state + assert.Equal(t, common.OperationError, opState.Phase) + assert.Contains(t, opState.Message, opMessage) + }) + + t.Run("sync with impersonation and matching sa", func(t *testing.T) { + // given app sync impersonation feature is enabled with an application referring a project matching service account + f := setup(true, test.FakeDestNamespace, "test-sa") + opMessage := "successfully synced (no more tasks)" + + opState := &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Source: &v1alpha1.ApplicationSource{}, + }, + }, + Phase: common.OperationRunning, + } + // when + f.controller.appStateManager.SyncAppState(f.application, opState) + + // then app sync should not fail + assert.Equal(t, common.OperationSucceeded, opState.Phase) + assert.Contains(t, opState.Message, opMessage) + }) + + t.Run("sync without impersonation", func(t *testing.T) { + // given app sync impersonation feature is disabled with an application referring a project matching service account + f := setup(false, test.FakeDestNamespace, "") + opMessage := "successfully synced (no more tasks)" + + opState := &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Source: &v1alpha1.ApplicationSource{}, + }, + }, + Phase: common.OperationRunning, + } + // when + f.controller.appStateManager.SyncAppState(f.application, opState) + + // then application sync should pass using the control plane service account + assert.Equal(t, common.OperationSucceeded, opState.Phase) + assert.Contains(t, opState.Message, opMessage) + }) +} + func dig[T any](obj interface{}, path []interface{}) T { i := obj diff --git a/docs/developer-guide/debugging-remote-environment.md b/docs/developer-guide/debugging-remote-environment.md index 5548d3444af8c..f87d1a0bb009d 100644 --- a/docs/developer-guide/debugging-remote-environment.md +++ b/docs/developer-guide/debugging-remote-environment.md @@ -21,7 +21,7 @@ curl -sSfL https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/i Connect to one of the services, for example, to debug the main ArgoCD server run: ```shell kubectl config set-context --current --namespace argocd -telepresence helm install # Installs telepresence into your cluster +telepresence helm install --set agent.securityContext={} # Installs telepresence into your cluster telepresence connect # Starts the connection to your cluster (bound to the current namespace) telepresence intercept argocd-server --port 8080:http --env-file .envrc.remote # Starts the interception ``` diff --git a/docs/developer-guide/docs-site.md b/docs/developer-guide/docs-site.md new file mode 100644 index 0000000000000..43b3fba747186 --- /dev/null +++ b/docs/developer-guide/docs-site.md @@ -0,0 +1,25 @@ +# Documentation Site + +## Developing And Testing + +The [documentation website](https://argo-cd.readthedocs.io/) is built using `mkdocs` and `mkdocs-material`. + +To test: + +```bash +make serve-docs +``` +Once running, you can view your locally built documentation at [http://0.0.0.0:8000/](http://0.0.0.0:8000/). +Making changes to documentation will automatically rebuild and refresh the view. + +Before submitting a PR build the website, to verify that there are no errors building the site +```bash +make build-docs +``` + +## Analytics + +!!! tip + Don't forget to disable your ad-blocker when testing. + +We collect [Google Analytics](https://analytics.google.com/analytics/web/#/report-home/a105170809w198079555p192782995). diff --git a/docs/developer-guide/extensions/proxy-extensions.md b/docs/developer-guide/extensions/proxy-extensions.md index 5d561657eb873..aab57a275e90e 100644 --- a/docs/developer-guide/extensions/proxy-extensions.md +++ b/docs/developer-guide/extensions/proxy-extensions.md @@ -60,7 +60,38 @@ data: server: https://some-cluster ``` -Note: There is no need to restart Argo CD Server after modifiying the +Proxy extensions can also be provided individually using dedicated +Argo CD configmap keys for better GitOps operations. The example below +demonstrates how to configure the same hypothetical httpbin config +above using a dedicated key: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm + namespace: argocd +data: + extension.config.httpbin: | + connectionTimeout: 2s + keepAlive: 15s + idleConnectionTimeout: 60s + maxIdleConnections: 30 + services: + - url: http://httpbin.org + headers: + - name: some-header + value: '$some.argocd.secret.key' + cluster: + name: some-cluster + server: https://some-cluster +``` + +Attention: Extension names must be unique in the Argo CD configmap. If +duplicated keys are found, the Argo CD API server will log an error +message and no proxy extension will be registered. + +Note: There is no need to restart Argo CD Server after modifying the `extension.config` entry in Argo CD configmap. Changes will be automatically applied. A new proxy registry will be built making all new incoming extensions requests (`/extensions/*`) to @@ -264,6 +295,14 @@ Note that additional pre-configured headers can be added to outgoing request. See [backend service headers](#extensionsbackendservicesheaders-list) section for more details. +#### `Argocd-Username` + +Will be populated with the username logged in Argo CD. + +#### `Argocd-User-Groups` + +Will be populated with the 'groups' claim from the user logged in Argo CD. + ### Multi Backend Use-Case In some cases when Argo CD is configured to sync with multiple remote diff --git a/docs/developer-guide/extensions/ui-extensions.md b/docs/developer-guide/extensions/ui-extensions.md index 8d3d9dc4a3882..ffe4ba936cc74 100644 --- a/docs/developer-guide/extensions/ui-extensions.md +++ b/docs/developer-guide/extensions/ui-extensions.md @@ -6,7 +6,7 @@ in the `argocd-server` Pods that are placed in the `/tmp/extensions` directory a ``` /tmp/extensions ├── example1 -│   └── extension-1.js +│ └── extension-1.js └── example2 └── extension-2.js ``` @@ -73,7 +73,7 @@ registerSystemLevelExtension(component: ExtensionComponent, title: string, optio Below is an example of a simple system level extension: -```typescript +```javascript ((window) => { const component = () => { return React.createElement( @@ -106,7 +106,7 @@ registerStatusPanelExtension(component: StatusPanelExtensionComponent, title: st Below is an example of a simple extension: -```typescript +```javascript ((window) => { const component = () => { return React.createElement( @@ -129,32 +129,95 @@ It is also possible to add an optional flyout widget to your extension. It can b Below is an example of an extension using the flyout widget: -```typescript + +```javascript ((window) => { const component = (props: { - openFlyout: () => any - }) => { + openFlyout: () => any + }) => { return React.createElement( - "div", - { - style: { padding: "10px" }, - onClick: () => props.openFlyout() - }, - "Hello World" + "div", + { + style: { padding: "10px" }, + onClick: () => props.openFlyout() + }, + "Hello World" ); }; const flyout = () => { return React.createElement( - "div", - { style: { padding: "10px" } }, - "This is a flyout" + "div", + { style: { padding: "10px" } }, + "This is a flyout" ); }; window.extensionsAPI.registerStatusPanelExtension( - component, - "My Extension", - "my_extension", - flyout + component, + "My Extension", + "my_extension", + flyout ); })(window); ``` + +## Top Bar Action Menu Extensions + +The top bar panel is the action menu at the top of the application view where the action buttons are displayed like Details, Sync, Refresh. Argo CD allows you to add new button to the top bar action menu of an application. +When the extension button is clicked, the custom widget will be rendered in a flyout panel. + +The extension should be registered using the `extensionsAPI.registerTopBarActionMenuExt` method: + +```typescript +registerTopBarActionMenuExt( + component: TopBarActionMenuExtComponent, + title: string, + id: string, + flyout?: ExtensionComponent, + shouldDisplay: (app?: Application) => boolean = () => true, + iconClassName?: string, + isMiddle = false +) +``` + +The callback function `shouldDisplay` should return true if the extension should be displayed and false otherwise: + +```typescript +const shouldDisplay = (app: Application) => { + return application.metadata?.labels?.['application.environmentLabelKey'] === "prd"; +}; +``` + +Below is an example of a simple extension with a flyout widget: + +```javascript +((window) => { + const shouldDisplay = () => { + return true; + }; + const flyout = () => { + return React.createElement( + "div", + { style: { padding: "10px" } }, + "This is a flyout" + ); + }; + const component = () => { + return React.createElement( + "div", + { + onClick: () => flyout() + }, + "Toolbar Extension Test" + ); + }; + window.extensionsAPI.registerTopBarActionMenuExt( + component, + "Toolbar Extension Test", + "Toolbar_Extension_Test", + flyout, + shouldDisplay, + '', + true + ); +})(window); +``` \ No newline at end of file diff --git a/docs/operator-manual/app-sync-using-impersonation.md b/docs/operator-manual/app-sync-using-impersonation.md new file mode 100644 index 0000000000000..98174a82d0e9e --- /dev/null +++ b/docs/operator-manual/app-sync-using-impersonation.md @@ -0,0 +1,131 @@ +# Application Sync using impersonation + +!!! warning "Alpha Feature" + This is an experimental, alpha-quality feature that allows you to control the service account used for the sync operation. The configured service account could have lesser privileges required for creating resources compared to the highly privileged access required for the control plane operations. + +!!! warning + Please read this documentation carefully before you enable this feature. Misconfiguration could lead to potential security issues. + +## Introduction + +Argo CD supports syncing `Application` resources using the same service account used for its control plane operations. This feature enables users to decouple service account used for application sync from the service account used for control plane operations. + +By default, application syncs in Argo CD have the same privileges as the Argo CD control plane. As a consequence, in a multi-tenant setup, the Argo CD control plane privileges needs to match the tenant that needs the highest privileges. As an example, if an Argo CD instance has 10 Applications and only one of them requires admin privileges, then the Argo CD control plane must have admin privileges in order to be able to sync that one Application. This provides an opportunity for malicious tenants to gain admin level access. Argo CD provides a multi-tenancy model to restrict what each `Application` is authorized to do using `AppProjects`, however it is not secure enough and if Argo CD is compromised, attackers will easily gain `cluster-admin` access to the cluster. + +Some manual steps will need to be performed by the Argo CD administrator in order to enable this feature, as it is disabled by default. + +!!! note + This feature is considered alpha as of now. Some of the implementation details may change over the course of time until it is promoted to a stable status. We will be happy if early adopters use this feature and provide us with bug reports and feedback. + +### What is Impersonation + +Impersonation is a feature in Kubernetes and enabled in the `kubectl` CLI client, using which, a user can act as another user through impersonation headers. For example, an admin could use this feature to debug an authorization policy by temporarily impersonating another user and seeing if a request was denied. + +Impersonation requests first authenticate as the requesting user, then switch to the impersonated user info. + +## Prerequisites + +In a multi-team/multi-tenant environment, a team/tenant is typically granted access to a target namespace to self-manage their kubernetes resources in a declarative way. +A typical tenant onboarding process looks like below: +1. The platform admin creates a tenant namespace and the service account to be used for creating the resources is also created in the same tenant namespace. +2. The platform admin creates one or more Role(s) to manage kubernetes resources in the tenant namespace +3. The platform admin creates one or more RoleBinding(s) to map the service account to the role(s) created in the previous steps. +4. The platform admin can choose to use either the [apps-in-any-namespace](./app-any-namespace.md) feature or provide access to tenants to create applications in the ArgoCD control plane namespace. +5. If the platform admin chooses apps-in-any-namespace feature, tenants can self-service their Argo applications in their respective tenant namespaces and no additional access needs to be provided for the control plane namespace. + +## Implementation details + +### Overview + +In order for an application to use a different service account for the application sync operation, the following steps needs to be performed: + +1. The impersonation feature flag should be enabled. Please refer the steps provided in [Enable application sync with impersonation feature](#enable-application-sync-with-impersonation-feature) + +2. The `AppProject` referenced by the `.spec.project` field of the `Application` must have the `DestinationServiceAccounts` mapping the destination server and namespace to a service account to be used for the sync operation. Please refer the steps provided in [Configuring destination service accounts](#configuring-destination-service-accounts) + + +### Enable application sync with impersonation feature + +In order to enable this feature, the Argo CD administrator must reconfigure the `application.sync.impersonation.enabled` settings in the `argocd-cm` ConfigMap as below: + +```yaml +data: + application.sync.impersonation.enabled: "true" +``` + +### Disable application sync with impersonation feature + +In order to disable this feature, the Argo CD administrator must reconfigure the `application.sync.impersonation.enabled` settings in the `argocd-cm` ConfigMap as below: + +```yaml +data: + application.sync.impersonation.enabled: "false" +``` + +!!! note + This feature is disabled by default. + +!!! note + This feature can be enabled/disabled only at the system level and once enabled/disabled it is applicable to all Applications managed by ArgoCD. + +## Configuring destination service accounts + +Destination service accounts can be added to the `AppProject` under `.spec.destinationServiceAccounts`. Specify the target destination `server` and `namespace` and provide the service account to be used for the sync operation using `defaultServiceAccount` field. Applications that refer this `AppProject` will use the corresponding service account configured for its destination. + +During the application sync operation, the controller loops through the available `destinationServiceAccounts` in the mapped `AppProject` and tries to find a matching candidate. If there are multiple matches for a destination server and namespace combination, then the first valid match will be considered. If there are no matches, then an error is reported during the sync operation. In order to avoid such sync errors, it is highly recommended that a valid service account may be configured as a catch-all configuration, for all target destinations and kept in lowest order of priority. + +It is possible to specify service accounts along with its namespace. eg: `tenant1-ns:guestbook-deployer`. If no namespace is provided for the service account, then the Application's `spec.destination.namespace` will be used. If no namespace is provided for the service account and the optional `spec.destination.namespace` field is also not provided in the `Application`, then the Application's namespace will be used. + +`DestinationServiceAccounts` associated to a `AppProject` can be created and managed, either declaratively or through the Argo CD API (e.g. using the CLI, the web UI, the REST API, etc). + +### Using declarative yaml + +For declaratively configuring destination service accounts, create an yaml file for the `AppProject` as below and apply the changes using `kubectl apply` command. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: my-project + namespace: argocd +spec: + description: Example Project + # Allow manifests to deploy from any Git repos + sourceRepos: + - '*' + destinations: + - '*' + destinationServiceAccounts: + - server: https://kubernetes.default.svc + namespace: guestbook + defaultServiceAccount: guestbook-deployer + - server: https://kubernetes.default.svc + namespace: guestbook-dev + defaultServiceAccount: guestbook-dev-deployer + - server: https://kubernetes.default.svc + namespace: guestbook-stage + defaultServiceAccount: guestbook-stage-deployer + - server: https://kubernetes.default.svc # catch-all configuration + namespace: '*' + defaultServiceAccount: default +``` + +### Using the CLI + +Destination service accounts can be added to an `AppProject` using the ArgoCD CLI. + +For example, to add a destination service account for `in-cluster` and `guestbook` namespace, you can use the following CLI command: + +```shell +argocd proj add-destination-service-account my-project https://kubernetes.default.svc guestbook guestbook-sa +``` + +Likewise, to remove the destination service account from an `AppProject`, you can use the following CLI command: + +```shell +argocd proj remove-destination-service-account my-project https://kubernetes.default.svc guestbook +``` + +### Using the UI + +Similar to the CLI, you can add destination service account when creating or updating an `AppProject` from the UI diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml index 864a293ce6890..051ca6a1755e3 100644 --- a/docs/operator-manual/application.yaml +++ b/docs/operator-manual/application.yaml @@ -90,6 +90,19 @@ spec: # and decide which Helm binary to use automatically. This field can be either 'v2' or 'v3'. version: v2 + # You can specify the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses + # the Kubernetes version of the target cluster. The value must be semver formatted. Do not prefix with `v`. + kubeVersion: 1.30.0 + + # You can specify the Kubernetes resource API versions to pass to Helm when templating manifests. By default, Argo + # CD uses the API versions of the target cluster. The format is [group/]version/kind. + apiVersions: + - traefik.io/v1alpha1/TLSOption + - v1/Service + + # Optional namespace to template with. If left empty, defaults to the app's destination namespace. + namespace: custom-namespace + # kustomize specific config kustomize: # Optional kustomize version. Note: version must be configured in argocd-cm ConfigMap @@ -103,6 +116,8 @@ spec: beep: boop-${ARGOCD_APP_REVISION} # Toggle which enables/disables env variables substitution in commonAnnotations commonAnnotationsEnvsubst: true + forceCommonLabels: false + forceCommonAnnotations: false images: - gcr.io/heptio-images/ks-guestbook-demo:0.2 - my-app=gcr.io/my-repo/my-app:0.1 @@ -110,6 +125,27 @@ spec: replicas: - name: kustomize-guestbook-ui count: 4 + components: + - ../component # relative to the kustomization.yaml (`source.path`). + patches: + - target: + kind: Deployment + name: guestbook-ui + patch: |- + - op: add # Add new element to manifest + path: /spec/template/spec/nodeSelector/ + value: + env: "pro" + + # You can specify the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses + # the Kubernetes version of the target cluster. The value must be semver formatted. Do not prefix with `v`. + kubeVersion: 1.30.0 + + # You can specify the Kubernetes resource API versions to pass to Helm when templating manifests. By default, Argo + # CD uses the API versions of the target cluster. The format is [group/]version/kind. + apiVersions: + - traefik.io/v1alpha1/TLSOption + - v1/Service # directory directory: diff --git a/docs/operator-manual/applicationset/Appset-Any-Namespace.md b/docs/operator-manual/applicationset/Appset-Any-Namespace.md index 4e28bc3a8172d..f6124f098cb6d 100644 --- a/docs/operator-manual/applicationset/Appset-Any-Namespace.md +++ b/docs/operator-manual/applicationset/Appset-Any-Namespace.md @@ -25,7 +25,9 @@ This feature can only be enabled and used when your Argo CD ApplicationSet contr ### SCM Providers secrets consideration -By allowing ApplicationSet in any namespace you must be aware that any secrets can be exfiltrated using `scmProvider` or `pullRequest` generators. +By allowing ApplicationSet in any namespace you must be aware that any secrets can be exfiltrated using `scmProvider` or `pullRequest` generators. This means if ApplicationSet controller is configured to allow namespace `appNs` and some user is allowed to create +an ApplicationSet in `appNs` namespace, then the user can install a malicious Pod into the `appNs` namespace as described below +and read out the content of the secret indirectly, thus exfiltrating the secret value. Here is an example: @@ -34,6 +36,7 @@ apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: myapps + namespace: appNs spec: goTemplate: true goTemplateOptions: ["missingkey=error"] @@ -43,7 +46,7 @@ spec: # The Gitea owner to scan. owner: myorg # With this malicious setting, user can send all request to a Pod that will log incoming requests including headers with tokens - api: http://my-service.my-namespace.svc.cluster.local + api: http://my-service.appNs.svc.cluster.local # If true, scan every branch of every repository. If false, scan only the default branch. Defaults to false. allBranches: true # By changing this token reference, user can exfiltrate any secrets @@ -53,7 +56,7 @@ spec: template: ``` -Therefore administrator must restrict the urls of the allowed SCM Providers (example: `https://git.mydomain.com/,https://gitlab.mydomain.com/`) by setting the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS` to argocd-cmd-params-cm `applicationsetcontroller.allowed.scm.providers`. If another url is used, it will be rejected by the applicationset controller. +In order to prevent the scenario above administrator must restrict the urls of the allowed SCM Providers (example: `https://git.mydomain.com/,https://gitlab.mydomain.com/`) by setting the environment variable `ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS` to argocd-cmd-params-cm `applicationsetcontroller.allowed.scm.providers`. If another url is used, it will be rejected by the applicationset controller. For example: ```yaml diff --git a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md index ae65fa3462e5b..1636d348cb009 100644 --- a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md +++ b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md @@ -343,3 +343,15 @@ metadata: data: applicationsetcontroller.log.level: debug ``` + +## Previewing changes + +To preview changes that the ApplicationSet controller would make to Applications, you can create the AppSet in dry-run +mode. This works whether the AppSet already exists or not. + +```shell +argocd appset create --dry-run ./appset.yaml -o json | jq -r '.status.resources[].name' +``` + +The dry-run will populate the returned ApplicationSet's status with the Applications which would be managed with the +given config. You can compare to the existing Applications to see what would change. diff --git a/docs/operator-manual/applicationset/Generators-Matrix.md b/docs/operator-manual/applicationset/Generators-Matrix.md index 0396b8c0e06d3..91b1bb3abb778 100644 --- a/docs/operator-manual/applicationset/Generators-Matrix.md +++ b/docs/operator-manual/applicationset/Generators-Matrix.md @@ -22,8 +22,8 @@ As an example, imagine that we have two clusters: And our application YAMLs are defined in a Git repository: -- Argo Workflows controller (examples/git-generator-directory/cluster-addons/argo-workflows) -- Prometheus operator (/examples/git-generator-directory/cluster-addons/prometheus-operator) +- [Argo Workflows controller](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/git-generator-directory/cluster-addons/argo-workflows) +- [Prometheus operator](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/git-generator-directory/cluster-addons/prometheus-operator) Our goal is to deploy both applications onto both clusters, and, more generally, in the future to automatically deploy new applications in the Git repository, and to new clusters defined within Argo CD, as well. diff --git a/docs/operator-manual/applicationset/Generators-Pull-Request.md b/docs/operator-manual/applicationset/Generators-Pull-Request.md index a213c1dbb23bb..2e6dffaaf5f32 100644 --- a/docs/operator-manual/applicationset/Generators-Pull-Request.md +++ b/docs/operator-manual/applicationset/Generators-Pull-Request.md @@ -99,6 +99,10 @@ spec: pullRequestState: opened # If true, skips validating the SCM provider's TLS certificate - useful for self-signed certificates. insecure: false + # Reference to a ConfigMap containing trusted CA certs - useful for self-signed certificates. (optional) + caRef: + configMapName: argocd-tls-certs-cm + key: gitlab-ca requeueAfterSeconds: 1800 template: # ... @@ -110,6 +114,7 @@ spec: * `labels`: Labels is used to filter the MRs that you want to target. (Optional) * `pullRequestState`: PullRequestState is an additional MRs filter to get only those with a certain state. Default: "" (all states) * `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates. +* `caRef`: Optional `ConfigMap` name and key containing the GitLab certificates to trust - useful for self-signed TLS certificates. Possibly reference the ArgoCD CM holding the trusted certs. As a preferable alternative to setting `insecure` to true, you can configure self-signed TLS certificates for Gitlab by [mounting self-signed certificate to the applicationset controller](./Generators-SCM-Provider.md#self-signed-tls-certificates). @@ -170,7 +175,8 @@ spec: repo: myrepository # URL of the Bitbucket Server. Required. api: https://mycompany.bitbucket.org - # Credentials for Basic authentication. Required for private repositories. + # Credentials for Basic authentication (App Password). Either basicAuth or bearerToken + # authentication is required to access private repositories basicAuth: # The username to authenticate with username: myuser @@ -178,6 +184,19 @@ spec: passwordRef: secretName: mypassword key: password + # Credentials for Bearer Token (App Token) authentication. Either basicAuth or bearerToken + # authentication is required to access private repositories + bearerToken: + # Reference to a Secret containing the bearer token. + tokenRef: + secretName: repotoken + key: token + # If true, skips validating the SCM provider's TLS certificate - useful for self-signed certificates. + insecure: true + # Reference to a ConfigMap containing trusted CA certs - useful for self-signed certificates. (optional) + caRef: + configMapName: argocd-tls-certs-cm + key: bitbucket-ca # Labels are not supported by Bitbucket Server, so filtering by label is not possible. # Filter PRs using the source branch name. (optional) filters: @@ -195,6 +214,13 @@ If you want to access a private repository, you must also provide the credential * `username`: The username to authenticate with. It only needs read access to the relevant repo. * `passwordRef`: A `Secret` name and key containing the password or personal access token to use for requests. +In case of Bitbucket App Token, go with `bearerToken` section. +* `tokenRef`: A `Secret` name and key containing the app token to use for requests. + +In case self-signed BitBucket Server certificates, the following options can be usefully: +* `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates. +* `caRef`: Optional `ConfigMap` name and key containing the BitBucket server certificates to trust - useful for self-signed TLS certificates. Possibly reference the ArgoCD CM holding the trusted certs. + ## Bitbucket Cloud Fetch pull requests from a repo hosted on a Bitbucket Cloud. @@ -228,6 +254,7 @@ spec: # Credentials for Bearer Token (App Token) authentication. Either basicAuth or bearerToken # authentication is required to access private repositories bearerToken: + # Reference to a Secret containing the bearer token. tokenRef: secretName: repotoken key: token @@ -351,7 +378,7 @@ spec: helm: parameters: - name: "image.tag" - value: "pull-{{.head_sha}}" + value: "pull-{{.author}}-{{.head_sha}}" project: "my-project" destination: server: https://kubernetes.default.svc @@ -384,7 +411,7 @@ spec: commonLabels: app.kubernetes.io/instance: '{{.branch}}-{{.number}}' images: - - 'ghcr.io/myorg/myrepo:{{.head_sha}}' + - 'ghcr.io/myorg/myrepo:{{.author}}-{{.head_sha}}' project: "my-project" destination: server: https://kubernetes.default.svc @@ -392,6 +419,7 @@ spec: ``` * `number`: The ID number of the pull request. +* `title`: The title of the pull request. * `branch`: The name of the branch of the pull request head. * `branch_slug`: The branch name will be cleaned to be conform to the DNS label standard as defined in [RFC 1123](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names), and truncated to 50 characters to give room to append/suffix-ing it with 13 more characters. * `target_branch`: The name of the target branch of the pull request. @@ -400,6 +428,7 @@ spec: * `head_short_sha`: This is the short SHA of the head of the pull request (8 characters long or the length of the head SHA if it's shorter). * `head_short_sha_7`: This is the short SHA of the head of the pull request (7 characters long or the length of the head SHA if it's shorter). * `labels`: The array of pull request labels. (Supported only for Go Template ApplicationSet manifests.) +* `author`: The author/creator of the pull request. ## Webhook Configuration diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index 40c8e552fe573..d48c07403573a 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -98,6 +98,10 @@ spec: key: token # If true, skips validating the SCM provider's TLS certificate - useful for self-signed certificates. insecure: false + # Reference to a ConfigMap containing trusted CA certs - useful for self-signed certificates. (optional) + caRef: + configMapName: argocd-tls-certs-cm + key: gitlab-ca template: # ... ``` @@ -110,6 +114,7 @@ spec: * `topic`: filter projects by topic. A single topic is supported by Gitlab API. Defaults to "" (all topics). * `tokenRef`: A `Secret` name and key containing the GitLab access token to use for requests. If not specified, will make anonymous requests which have a lower rate limit and can only see public repositories. * `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates. +* `caRef`: Optional `ConfigMap` name and key containing the GitLab certificates to trust - useful for self-signed TLS certificates. Possibly reference the ArgoCD CM holding the trusted certs. For label filtering, the repository topics are used. @@ -178,7 +183,8 @@ spec: api: https://mycompany.bitbucket.org # If true, scan every branch of every repository. If false, scan only the default branch. Defaults to false. allBranches: true - # Credentials for Basic authentication. Required for private repositories. + # Credentials for Basic authentication (App Password). Either basicAuth or bearerToken + # authentication is required to access private repositories basicAuth: # The username to authenticate with username: myuser @@ -186,6 +192,19 @@ spec: passwordRef: secretName: mypassword key: password + # Credentials for Bearer Token (App Token) authentication. Either basicAuth or bearerToken + # authentication is required to access private repositories + bearerToken: + # Reference to a Secret containing the bearer token. + tokenRef: + secretName: repotoken + key: token + # If true, skips validating the SCM provider's TLS certificate - useful for self-signed certificates. + insecure: true + # Reference to a ConfigMap containing trusted CA certs - useful for self-signed certificates. (optional) + caRef: + configMapName: argocd-tls-certs-cm + key: bitbucket-ca # Support for filtering by labels is TODO. Bitbucket server labels are not supported for PRs, but they are for repos template: # ... @@ -199,6 +218,13 @@ If you want to access a private repository, you must also provide the credential * `username`: The username to authenticate with. It only needs read access to the relevant repo. * `passwordRef`: A `Secret` name and key containing the password or personal access token to use for requests. +In case of Bitbucket App Token, go with `bearerToken` section. +* `tokenRef`: A `Secret` name and key containing the app token to use for requests. + +In case self-signed BitBucket Server certificates, the following options can be usefully: +* `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates. +* `caRef`: Optional `ConfigMap` name and key containing the BitBucket server certificates to trust - useful for self-signed TLS certificates. Possibly reference the ArgoCD CM holding the trusted certs. + Available clone protocols are `ssh` and `https`. ## Azure DevOps diff --git a/docs/operator-manual/applicationset/Progressive-Syncs.md b/docs/operator-manual/applicationset/Progressive-Syncs.md index edfe0dad101f2..8ef8a05439ae9 100644 --- a/docs/operator-manual/applicationset/Progressive-Syncs.md +++ b/docs/operator-manual/applicationset/Progressive-Syncs.md @@ -42,6 +42,7 @@ When the ApplicationSet changes, the changes will be applied to each group of Ap * Sync operations are triggered the same way as if they were triggered by the UI or CLI (by directly setting the `operation` status field on the Application resource). This means that a RollingSync will respect sync windows just as if a user had clicked the "Sync" button in the Argo UI. * When a sync is triggered, the sync is performed with the same syncPolicy configured for the Application. For example, this preserves the Application's retry settings. * If an Application is considered "Pending" for `applicationsetcontroller.default.application.progressing.timeout` seconds, the Application is automatically moved to Healthy status (default 300). +* If an Application is not selected in any step, it will be excluded from the rolling sync and needs to be manually synced through the CLI or UI. #### Example The following example illustrates how to stage a progressive sync over Applications with explicitly configured environment labels. diff --git a/docs/operator-manual/applicationset/Template.md b/docs/operator-manual/applicationset/Template.md index e0fd2599be670..6bc6f24dc0310 100644 --- a/docs/operator-manual/applicationset/Template.md +++ b/docs/operator-manual/applicationset/Template.md @@ -9,21 +9,24 @@ ApplicationSet is using [fasttemplate](https://github.com/valyala/fasttemplate) An Argo CD Application is created by combining the parameters from the generator with fields of the template (via `{{values}}`), and from that a concrete `Application` resource is produced and applied to the cluster. Here is the template subfield from a Cluster generator: + ```yaml # (...) template: metadata: - name: '{{cluster}}-guestbook' + name: '{{ .nameNormalized }}-guestbook' spec: source: repoURL: https://github.com/infra-team/cluster-deployments.git targetRevision: HEAD - path: guestbook/{{cluster}} + path: guestbook/{{ .nameNormalized }} destination: - server: '{{url}}' + server: '{{ .server }}' namespace: guestbook ``` +For details on all available parameters (like `.name`, `.nameNormalized`, etc.) please refer to the [Cluster Generator docs](./Generators-Cluster.md). + The template subfields correspond directly to [the spec of an Argo CD `Application` resource](../../declarative-setup/#applications): - `project` refers to the [Argo CD Project](../../user-guide/projects.md) in use (`default` may be used here to utilize the default Argo CD Project) @@ -54,7 +57,7 @@ template as a Helm string literal. For example: ```yaml metadata: - name: '{{`{{.cluster}}`}}-guestbook' + name: '{{`{{ .nameNormalized }}`}}-guestbook' ``` This _only_ applies if you use Helm to deploy your ApplicationSet resources. @@ -89,12 +92,12 @@ spec: targetRevision: HEAD repoURL: https://github.com/argoproj/argo-cd.git # New path value is generated here: - path: 'applicationset/examples/template-override/{{cluster}}-override' + path: 'applicationset/examples/template-override/{{ .nameNormalized }}-override' destination: {} template: metadata: - name: '{{cluster}}-guestbook' + name: '{{ .nameNormalized }}-guestbook' spec: project: "default" source: @@ -103,7 +106,7 @@ spec: # This 'default' value is not used: it is replaced by the generator's template path, above path: applicationset/examples/template-override/default destination: - server: '{{url}}' + server: '{{ .server }}' namespace: guestbook ``` (*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/template-override).*) @@ -141,15 +144,15 @@ spec: - values.debug.yaml template: metadata: - name: '{{.cluster}}-deployment' + name: '{{ .nameNormalized }}-deployment' spec: project: "default" source: repoURL: https://github.com/infra-team/cluster-deployments.git targetRevision: HEAD - path: guestbook/{{ .cluster }} + path: guestbook/{{ .nameNormalized }} destination: - server: '{{.url}}' + server: '{{ .server }}' namespace: guestbook templatePatch: | spec: diff --git a/docs/operator-manual/core.md b/docs/operator-manual/core.md index 3d6e0a322c423..79b2530cfe340 100644 --- a/docs/operator-manual/core.md +++ b/docs/operator-manual/core.md @@ -12,6 +12,7 @@ installation: - Argo CD RBAC model - Argo CD API +- Argo CD Notification Controller - OIDC based authentication The following features will be partially available (see the diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index 6a5ab8ba56772..74c3196f8612a 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -26,7 +26,7 @@ Each link in the list has five subfields: 4. `icon.class` (optional): a font-awesome icon class to be used when displaying the links in dropdown menus 5. `if` (optional): a conditional statement that results in either `true` or `false`, it also has access to the same data as the `url` field. If the condition resolves to `true` the deep link will be displayed - else it will be hidden. If - the field is omitted, by default the deep links will be displayed. This uses [antonmedv/expr](https://github.com/antonmedv/expr/tree/master/docs) for evaluating conditions + the field is omitted, by default the deep links will be displayed. This uses [expr-lang/expr](https://github.com/expr-lang/expr/tree/master/docs) for evaluating conditions !!!note For resources of kind Secret the data fields are redacted but other fields are accessible for templating the deep links. @@ -63,7 +63,7 @@ An example `argocd-cm.yaml` file with deep links and their variations : - url: https://mycompany.splunk.com?search={{.app.spec.destination.namespace}}&env={{.project.metadata.labels.env}} title: Splunk # conditionally show link e.g. for specific project - # github.com/antonmedv/expr is used for evaluation of conditions + # github.com/expr-lang/expr is used for evaluation of conditions - url: https://mycompany.splunk.com?search={{.app.spec.destination.namespace}} title: Splunk if: application.spec.project == "default" diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index e958d1a7634ac..ad23dfa295d11 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -38,21 +38,19 @@ metadata: app.kubernetes.io/name: argocd-cm app.kubernetes.io/part-of: argocd data: - resource.customizations: | - argoproj.io/Application: - health.lua: | - hs = {} - hs.status = "Progressing" - hs.message = "" - if obj.status ~= nil then - if obj.status.health ~= nil then - hs.status = obj.status.health.status - if obj.status.health.message ~= nil then - hs.message = obj.status.health.message - end - end + resource.customizations.health.argoproj.io_Application: | + hs = {} + hs.status = "Progressing" + hs.message = "" + if obj.status ~= nil then + if obj.status.health ~= nil then + hs.status = obj.status.health.status + if obj.status.health.message ~= nil then + hs.message = obj.status.health.message end - return hs + end + end + return hs ``` ## Custom Health Checks @@ -68,9 +66,7 @@ There are two ways to configure a custom health check. The next two sections des Custom health checks can be defined in ```yaml - resource.customizations: | - : - health.lua: | + resource.customizations.health._: | ``` field of `argocd-cm`. If you are using argocd-operator, this is overridden by [the argocd-operator resourceCustomizations](https://argocd-operator.readthedocs.io/en/latest/reference/argocd/#resource-customizations). @@ -78,32 +74,32 @@ The following example demonstrates a health check for `cert-manager.io/Certifica ```yaml data: - resource.customizations: | - cert-manager.io/Certificate: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = condition.message - return hs - end - end + resource.customizations.health.cert-manager.io_Certificate: | + hs = {} + if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message + return hs end end + end + end - hs.status = "Progressing" - hs.message = "Waiting for certificate" - return hs + hs.status = "Progressing" + hs.message = "Waiting for certificate" + return hs ``` -In order to prevent duplication of the custom health check for potentially multiple resources, it is also possible to specify a wildcard in the resource kind, and anywhere in the resource group, like this: + +In order to prevent duplication of custom health checks for potentially multiple resources, it is also possible to +specify a wildcard in the resource kind, and anywhere in the resource group, like this: ```yaml resource.customizations: | @@ -113,14 +109,16 @@ In order to prevent duplication of the custom health check for potentially multi ``` ```yaml + # If a key _begins_ with a wildcard, please ensure that the GVK key is quoted. resource.customizations: | "*.aws.crossplane.io/*": - health.lua: | + health.lua: | ... ``` !!!important - Please note the required quotes in the resource customization health section, if the wildcard starts with `*`. + Please, note that wildcards are only supported when using the `resource.customizations` key, the `resource.customizations.health._` +style keys do not work since wildcards (`*`) are not supported in Kubernetes configmap keys. The `obj` is a global variable which contains the resource. The script must return an object with status and optional message field. The custom health check might return one of the following health statuses: @@ -130,18 +128,16 @@ The custom health check might return one of the following health statuses: * `Degraded` - the resource is degraded * `Suspended` - the resource is suspended and waiting for some external event to resume (e.g. suspended CronJob or paused Deployment) -By default health typically returns `Progressing` status. +By default, health typically returns a `Progressing` status. NOTE: As a security measure, access to the standard Lua libraries will be disabled by default. Admins can control access by -setting `resource.customizations.useOpenLibs.`. In the following example, standard libraries are enabled for health check of `cert-manager.io/Certificate`. +setting `resource.customizations.useOpenLibs._`. In the following example, standard libraries are enabled for health check of `cert-manager.io/Certificate`. ```yaml data: - resource.customizations: | - cert-manager.io/Certificate: - health.lua.useOpenLibs: true - health.lua: | - # Lua standard libraries are enabled for this script + resource.customizations.useOpenLibs.cert-manager.io_Certificate: true + resource.customizations.health.cert-manager.io_Certificate: | + # Lua standard libraries are enabled for this script ``` ### Way 2. Contribute a Custom Health Check diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index 632ac2fb1286b..7808bfd677bfd 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -130,6 +130,10 @@ stringData: count (grouped by k8s api version, the granule of parallelism for list operations). In this case, all resources will be buffered in memory -- no api server request will be blocked by processing. +* `ARGOCD_APPLICATION_TREE_SHARD_SIZE` - environment variable controlling the max number of resources stored in one Redis + key. Splitting application tree into multiple keys helps to reduce the amount of traffic between the controller and Redis. + The default value is 0, which means that the application tree is stored in a single Redis key. The reasonable value is 100. + **metrics** * `argocd_app_reconcile` - reports application reconciliation duration in seconds. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. @@ -371,3 +375,17 @@ Not all HTTP responses are eligible for retries. The following conditions will n * Responses with a status code indicating client errors (4xx) except for 429 Too Many Requests. * Responses with the status code 501 Not Implemented. + + +## CPU/Memory Profiling + +Argo CD optionally exposes a profiling endpoint that can be used to profile the CPU and memory usage of the Argo CD component. +The profiling endpoint is available on metrics port of each component. See [metrics](./metrics.md) for more information about the port. +For security reasons the profiling endpoint is disabled by default. The endpoint can be enabled by setting the `server.profile.enabled` +or `controller.profile.enabled` key of [argocd-cmd-params-cm](argocd-cmd-params-cm.yaml) ConfigMap to `true`. +Once the endpoint is enabled you can use go profile tool to collect the CPU and memory profiles. Example: + +```bash +$ kubectl port-forward svc/argocd-metrics 8082:8082 +$ go tool pprof http://localhost:8082/debug/pprof/heap +``` diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index a46853546a28a..2a462e9601349 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -617,7 +617,7 @@ Edit the `--insecure` flag in the `argocd-server` command of the argocd-server d ### Creating a service -Now you need an externally accessible service. This is practically the same as the internal service Argo CD has, but with Google Cloud annotations. Note that this service is annotated to use a [Network Endpoint Group](https://cloud.google.com/load-balancing/docs/negs) (NEG) to allow your load balancer to send traffic directly to your pods without using kube-proxy, so remove the `neg` annotation it that's not what you want. +Now you need an externally accessible service. This is practically the same as the internal service Argo CD has, but with Google Cloud annotations. Note that this service is annotated to use a [Network Endpoint Group](https://cloud.google.com/load-balancing/docs/negs) (NEG) to allow your load balancer to send traffic directly to your pods without using kube-proxy, so remove the `neg` annotation if that's not what you want. The service: diff --git a/docs/operator-manual/installation.md b/docs/operator-manual/installation.md index 5782e5660868f..70494298c1391 100644 --- a/docs/operator-manual/installation.md +++ b/docs/operator-manual/installation.md @@ -21,6 +21,9 @@ Not recommended for production use. This type of installation is typically used in (i.e. kubernetes.svc.default). It will still be able to deploy to external clusters with inputted credentials. + > Note: The ClusterRoleBinding in the installation manifest is bound to a ServiceAccount in the argocd namespace. + > Be cautious when modifying the namespace, as changing it may cause permission-related errors unless the ClusterRoleBinding is correctly adjusted to reflect the new namespace. + * [namespace-install.yaml](https://github.com/argoproj/argo-cd/blob/master/manifests/namespace-install.yaml) - Installation of Argo CD which requires only namespace level privileges (does not need cluster roles). Use this manifest set if you do not need Argo CD to deploy applications in the same cluster that Argo CD runs in, and will rely solely @@ -78,6 +81,29 @@ resources: For an example of this, see the [kustomization.yaml](https://github.com/argoproj/argoproj-deployments/blob/master/argocd/kustomization.yaml) used to deploy the [Argoproj CI/CD infrastructure](https://github.com/argoproj/argoproj-deployments#argoproj-deployments). +#### Installing Argo CD in a Custom Namespace +If you want to install Argo CD in a namespace other than the default argocd, you can use Kustomize to apply a patch that updates the ClusterRoleBinding to reference the correct namespace for the ServiceAccount. This ensures that the necessary permissions are correctly set in your custom namespace. + +Below is an example of how to configure your kustomization.yaml to install Argo CD in a custom namespace: +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: +resources: + - https://raw.githubusercontent.com/argoproj/argo-cd/v2.7.2/manifests/install.yaml + +patches: + - patch: |- + - op: replace + path: /subjects/0/namespace + value: + target: + kind: ClusterRoleBinding +``` + +This patch ensures that the ClusterRoleBinding correctly maps to the ServiceAccount in your custom namespace, preventing any permission-related issues during the deployment. + ## Helm The Argo CD can be installed using [Helm](https://helm.sh/). The Helm chart is currently community maintained and available at diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index 5aebb9245c0ae..02a490998307a 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -8,6 +8,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | Metric | Type | Description | |--------|:----:|-------------| | `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in Argo CD. | +| `argocd_app_condition` | gauge | Report Applications conditions. It contains the conditions currently present in the application status. | | `argocd_app_k8s_request_total` | counter | Number of Kubernetes requests executed during application reconciliation | | `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. | | `argocd_app_reconcile` | histogram | Application reconciliation performance in seconds. | @@ -30,6 +31,8 @@ to deleted resources, you can schedule a metrics reset to clean the history with an application controller flag. Example: `--metrics-cache-expiration="24h0m0s"`. + + ### Exposing Application labels as Prometheus metrics There are use-cases where Argo CD Applications contain labels that are desired to be exposed as Prometheus metrics. @@ -60,6 +63,45 @@ argocd_app_labels{label_business_unit="bu-id-1",label_team_name="my-team",name=" argocd_app_labels{label_business_unit="bu-id-2",label_team_name="another-team",name="my-app-3",namespace="argocd",project="important-project"} 1 ``` +### Exposing Application conditions as Prometheus metrics + +There are use-cases where Argo CD Applications contain conditions that are desired to be exposed as Prometheus metrics. +Some examples are: + +* Hunting orphaned resources across all deployed applications +* Knowing which resources are excluded from ArgoCD + +As the Application conditions are specific to each company, this feature is disabled by default. To enable it, add the +`--metrics-application-conditions` flag to the Argo CD application controller. + +The example below will expose the Argo CD Application condition `OrphanedResourceWarning` and `ExcludedResourceWarning` to Prometheus: + +```yaml + containers: + - command: + - argocd-application-controller + - --metrics-application-conditions + - OrphanedResourceWarning + - --metrics-application-conditions + - ExcludedResourceWarning +``` + +## Application Set Controller metrics + +The Application Set controller exposes the following metrics for application sets. + +| Metric | Type | Description | +|--------|:----:|-------------| +| `argocd_appset_info` | gauge | Information about Application Sets. It contains labels for the name and namespace of an application set as well as `Resource_update_status` that reflects the `ResourcesUpToDate` property | +| `argocd_appset_reconcile` | histogram | Application reconciliation performance in seconds. It contains labels for the name and namespace of an applicationset | +| `argocd_appset_labels` | gauge | Applicationset labels translated to Prometheus labels. Disabled by default | +| `argocd_appset_owned_applications` | gauge | Number of applications owned by the applicationset. It contains labels for the name and namespace of an applicationset. | + +Similar to the same metric in application controller (`argocd_app_labels`) the metric `argocd_appset_labels` is disabled by default. You can enable it by providing the `–metrics-applicationset-labels` argument to the applicationset controller. + +Once enabled it works exactly the same as application controller metrics (label_ appended to normalized label name). +Available labels include Name, Namespace + all labels enabled by the command line options and their value (exactly like application controller metrics described in the previous section). + ## API Server Metrics Metrics about API Server API request and response activity (request totals, response codes, etc...). Scraped at the `argocd-server-metrics:8083/metrics` endpoint. diff --git a/docs/operator-manual/notifications/index.md b/docs/operator-manual/notifications/index.md index eccca906ae91b..002f67249c616 100644 --- a/docs/operator-manual/notifications/index.md +++ b/docs/operator-manual/notifications/index.md @@ -93,7 +93,7 @@ data: apiVersion: v1 kind: Secret metadata: - name: argo-cd-notification-secret + name: argocd-notifications-secret type: Opaque data: pagerduty-key-my-service: diff --git a/docs/operator-manual/reconcile.md b/docs/operator-manual/reconcile.md index a956cd9cf7b28..9b8044e9e0ffd 100644 --- a/docs/operator-manual/reconcile.md +++ b/docs/operator-manual/reconcile.md @@ -4,7 +4,8 @@ By default, an Argo CD Application is refreshed every time a resource that belon Kubernetes controllers often update the resources they watch periodically, causing continuous reconcile operation on the Application and a high CPU usage on the `argocd-application-controller`. Argo CD allows you to optionally ignore resource updates on specific fields -for [tracked resources](../user-guide/resource_tracking.md). +for [tracked resources](../user-guide/resource_tracking.md). +For untracked resources, you can [use the argocd.argoproj.io/ignore-resource-updates annotations](#ignoring-updates-for-untracked-resources) When a resource update is ignored, if the resource's [health status](./health.md) does not change, the Application that this resource belongs to will not be reconciled. @@ -111,3 +112,55 @@ data: # actually changing in content. - .status.conditions[].lastTransitionTime ``` + +## Ignoring updates for untracked resources + +ArgoCD will only apply `ignoreResourceUpdates` configuration to tracked resources of an application. This means dependant resources, such as a `ReplicaSet` and `Pod` created by a `Deployment`, will not ignore any updates and trigger a reconcile of the application for any changes. + +If you want to apply the `ignoreResourceUpdates` configuration to an untracked resource, you can add the +`argocd.argoproj.io/ignore-resource-updates=true` annotation in the dependent resources manifest. + +## Example + +### CronJob + +```yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + name: hello + namespace: test-cronjob +spec: + schedule: "* * * * *" + jobTemplate: + metadata: + annotations: + argocd.argoproj.io/ignore-resource-updates: "true" + spec: + template: + metadata: + annotations: + argocd.argoproj.io/ignore-resource-updates: "true" + spec: + containers: + - name: hello + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster + restartPolicy: OnFailure +``` + +The resource updates will be ignored based on your the `ignoreResourceUpdates` configuration in the `argocd-cm` configMap: + +`argocd-cm`: +```yaml +resource.customizations.ignoreResourceUpdates.batch_Job: | + jsonPointers: + - /status +resource.customizations.ignoreResourceUpdates.Pod: | + jsonPointers: + - /status +``` diff --git a/docs/operator-manual/resource_actions.md b/docs/operator-manual/resource_actions.md index b720f589ae8d0..0a4ea2cb3936a 100644 --- a/docs/operator-manual/resource_actions.md +++ b/docs/operator-manual/resource_actions.md @@ -5,6 +5,14 @@ Argo CD allows operators to define custom actions which users can perform on spe Operators can add actions to custom resources in form of a Lua script and expand those capabilities. +## Built-in Actions + +The following are actions that are built-in to Argo CD. Each action name links to its Lua script definition: + +{!docs/operator-manual/resource_actions_builtin.md!} + +See the [RBAC documentation](rbac.md#the-action-action) for information on how to control access to these actions. + ## Custom Resource Actions Argo CD supports custom resource actions written in [Lua](https://www.lua.org/). This is useful if you: @@ -72,6 +80,20 @@ The `discovery.lua` script must return a table where the key name represents the Each action name must be represented in the list of `definitions` with an accompanying `action.lua` script to control the resource modifications. The `obj` is a global variable which contains the resource. Each action script returns an optionally modified version of the resource. In this example, we are simply setting `.spec.suspend` to either `true` or `false`. +By default, defining a resource action customization will override any built-in action for this resource kind. If you want to retain the built-in actions, you can set the `mergeBuiltinActions` key to `true`. Your custom actions will have precedence over the built-in actions. +```yaml +resource.customizations.actions.argoproj.io_Rollout: | + mergeBuiltinActions: true + discovery.lua: | + actions = {} + actions["do-things"] = {} + return actions + definitions: + - name: do-things + action.lua: | + return obj +``` + #### Creating new resources with a custom action !!! important diff --git a/docs/operator-manual/server-commands/argocd-application-controller.md b/docs/operator-manual/server-commands/argocd-application-controller.md index 930dfa414751c..07fd9e545c8d4 100644 --- a/docs/operator-manual/server-commands/argocd-application-controller.md +++ b/docs/operator-manual/server-commands/argocd-application-controller.md @@ -31,6 +31,7 @@ argocd-application-controller [flags] --default-cache-expiration duration Cache expiration default (default 24h0m0s) --disable-compression If true, opt-out of response compression for all requests to the server --dynamic-cluster-distribution-enabled Enables dynamic cluster distribution. + --enable-k8s-event none Enable ArgoCD to use k8s event. For disabling all events, set the value as none. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated) (default [all]) --gloglevel int Set the glog logging level -h, --help help for argocd-application-controller --ignore-normalizer-jq-execution-timeout-seconds duration Set ignore normalizer JQ execution timeout @@ -39,6 +40,7 @@ argocd-application-controller [flags] --kubectl-parallelism-limit int Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. (default 20) --logformat string Set the logging format. One of: text|json (default "text") --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --metrics-application-conditions strings List of Application conditions that will be added to the argocd_application_conditions metric --metrics-application-labels strings List of Application labels that will be added to the argocd_application_labels metric --metrics-cache-expiration duration Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s) --metrics-port int Start metrics server on given port (default 8082) @@ -65,7 +67,10 @@ argocd-application-controller [flags] --repo-server-strict-tls Whether to use strict validation of the TLS cert presented by the repo server --repo-server-timeout-seconds int Repo server RPC call timeout seconds. (default 60) --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") - --self-heal-timeout-seconds int Specifies timeout between application self heal attempts (default 5) + --self-heal-backoff-cap-seconds int Specifies max timeout of exponential backoff between application self heal attempts (default 300) + --self-heal-backoff-factor int Specifies factor of exponential timeout between application self heal attempts (default 3) + --self-heal-backoff-timeout-seconds int Specifies initial timeout of exponential backoff between self heal attempts (default 2) + --self-heal-timeout-seconds int Specifies timeout between application self heal attempts --sentinel stringArray Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). --sentinelmaster string Redis sentinel master group name. (default "master") --server string The address and port of the Kubernetes API server diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index d48476f6df969..09fac567e64fc 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -29,6 +29,10 @@ argocd-server [flags] --api-content-types string Semicolon separated list of allowed content types for non GET api requests. Any content type is allowed if empty. (default "application/json") --app-state-cache-expiration duration Cache expiration for app state (default 1h0m0s) --application-namespaces strings List of additional namespaces where application resources can be managed in + --appset-allowed-scm-providers strings The list of allowed custom SCM provider API URLs. This restriction does not apply to SCM or PR generators which do not accept a custom API URL. (Default: Empty = all) + --appset-enable-new-git-file-globbing Enable new globbing in Git files generator. + --appset-enable-scm-providers Enable retrieving information from SCM providers, used by the SCM and PR generators (Default: true) (default true) + --appset-scm-root-ca-path string Provide Root CA Path for self-signed TLS Certificates --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. --as-uid string UID to impersonate for the operation @@ -48,6 +52,7 @@ argocd-server [flags] --disable-auth Disable client authentication --disable-compression If true, opt-out of response compression for all requests to the server --enable-gzip Enable GZIP compression (default true) + --enable-k8s-event none Enable ArgoCD to use k8s event. For disabling all events, set the value as none. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated) (default [all]) --enable-proxy-extension Enable Proxy Extension feature --gloglevel int Set the glog logging level -h, --help help for argocd-server @@ -107,6 +112,7 @@ argocd-server [flags] --token string Bearer token for authentication to the API server --user string The name of the kubeconfig user to use --username string Username for basic authentication to the API server + --webhook-parallelism-limit int Number of webhook requests processed concurrently (default 50) --x-frame-options value Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin") ``` diff --git a/docs/operator-manual/signed-release-assets.md b/docs/operator-manual/signed-release-assets.md index b574876345b5b..3c42b27fd4e10 100644 --- a/docs/operator-manual/signed-release-assets.md +++ b/docs/operator-manual/signed-release-assets.md @@ -32,7 +32,8 @@ Argo CD container images are signed by [cosign](https://github.com/sigstore/cosi cosign verify \ --certificate-identity-regexp https://github.com/argoproj/argo-cd/.github/workflows/image-reuse.yaml@refs/tags/v \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ -quay.io/argoproj/argocd:v2.7.0 | jq +--certificate-github-workflow-repository "argoproj/argo-cd" \ +quay.io/argoproj/argocd:v2.11.3 | jq ``` The command should output the following if the container image was correctly verified: ```bash diff --git a/docs/operator-manual/upgrading/2.12-2.13.md b/docs/operator-manual/upgrading/2.12-2.13.md new file mode 100644 index 0000000000000..6839d674c8001 --- /dev/null +++ b/docs/operator-manual/upgrading/2.12-2.13.md @@ -0,0 +1,73 @@ +# v2.12 to 2.13 + +## Upgraded Helm Version + +Note that bundled Helm version has been upgraded from 3.15.2 to 3.15.4. + +## Custom Resource Actions for Flux Resources + +[`Custom Resource Actions`](../resource_actions.md#Custom-Resource-Actions) have been added for Flux Resources. +The following actions are now available: + +| Custom Resource | Supported Actions | +|-----------------------|----------------------------------| +| HelmRelease | `Suspend`, `Resume`, `Reconcile` | +| ImageRepository | `Suspend`, `Resume`, `Reconcile` | +| ImageUpdateAutomation | `Suspend`, `Resume`, `Reconcile` | +| Kustomization | `Suspend`, `Resume`, `Reconcile` | +| Alert | `Suspend`, `Resume` | +| Provider | `Suspend`, `Resume` | +| Receiver | `Suspend`, `Resume`, `Reconcile` | +| Bucket | `Suspend`, `Resume`, `Reconcile` | +| GitRepository | `Suspend`, `Resume`, `Reconcile` | +| HelmChart | `Suspend`, `Resume`, `Reconcile` | +| HelmRepository | `Suspend`, `Resume`, `Reconcile` | +| OCIRepository | `Suspend`, `Resume`, `Reconcile` | + +If you want to use these actions do not forget to update the permissions (RBAC) for your Argo CD instance. + +## Custom Resource Health for Flux Resources + +[`Custom Resource Health`](../health.md#custom-health-checks) has been added for Flux Resources. +The following Flux resources now support health checks: +- HelmRelease +- ImagePolicy +- ImageRepository +- ImageUpdateAutomation +- Kustomization +- Receiver +- Bucket +- GitRepository +- HelmChart +- HelmRepository +- OCIRepository + +## Upgraded Dex Version + +Dex [v2.39.0](https://github.com/dexidp/dex/releases/tag/v2.39.0) included a breaking change for the LDAP connector: + +> The validation of username and password in the LDAP connector is much more strict now. +> As of today, Dex uses the EscapeFilter function to check for special characters in credentials and prevent injections by denying such requests. + +## Updated Job name for manually started CronJob jobs + +The naming of Jobs that are manually started from CronJobs (using Argo CD) was changed. Instead of the previous postfix `-YYYYMMDDHHmm` (4-digit year), manually started Jobs now receive postfix `-YYMMDDHHmm` (2-digit year). + +The format of Jobs that are started from a CronJob on schedule (by Kubernetes) is not handled by Argo CD and remains unchanged. + +## Change in Log File Extension for Downloaded Logs + +The default extension for log files generated by Argo CD when using the "Download Logs" feature has been changed from `.txt` to `.log`. This change aligns with industry standards and improves compatibility with various log management tools and IDEs that offer enhanced features for `.log` files. + +**Impact:** +- Users and systems that rely on the `.txt` extension will need to adjust their workflows. +- Automated scripts and processes that specifically target `.txt` log files should be updated to handle `.log` files. + +**Benefits:** +- Improved readability and parsing in IDEs and log management tools. +- Consistency with standard log file conventions. + +If you have any custom scripts or tools that depend on the `.txt` extension, please update them accordingly. +## Added proxy to kustomize + +Proxy config set on repository credentials / repository templates is now passed down to the `kustomie build` command. diff --git a/docs/operator-manual/user-management/identity-center.md b/docs/operator-manual/user-management/identity-center.md index 0fd78b1aaf62f..c4019964d7a4d 100644 --- a/docs/operator-manual/user-management/identity-center.md +++ b/docs/operator-manual/user-management/identity-center.md @@ -1,7 +1,7 @@ # Identity Center (AWS SSO) !!! note "Are you using this? Please contribute!" - If you're using this IdP please consider [contributing](../../developer-guide/site.md) to this document. + If you're using this IdP please consider [contributing](../../developer-guide/docs-site.md) to this document. A working Single Sign-On configuration using Identity Center (AWS SSO) has been achieved using the following method: diff --git a/docs/operator-manual/user-management/index.md b/docs/operator-manual/user-management/index.md index c002b77ada5ed..8616764172988 100644 --- a/docs/operator-manual/user-management/index.md +++ b/docs/operator-manual/user-management/index.md @@ -172,6 +172,8 @@ kubectl edit configmap argocd-cm -n argocd ``` * In the `url` key, input the base URL of Argo CD. In this example, it is `https://argocd.example.com` +* (Optional): If Argo CD should be accessible via multiple base URLs you may + specify any additional base URLs via the `additionalUrls` key. * In the `dex.config` key, add the `github` connector to the `connectors` sub field. See Dex's [GitHub connector](https://github.com/dexidp/website/blob/main/content/docs/connectors/github.md) documentation for explanation of the fields. A minimal config should populate the clientID, diff --git a/docs/operator-manual/user-management/keycloak.md b/docs/operator-manual/user-management/keycloak.md index 6f0c99de0dec2..10551321d976a 100644 --- a/docs/operator-manual/user-management/keycloak.md +++ b/docs/operator-manual/user-management/keycloak.md @@ -125,3 +125,9 @@ In this example we give the role _role:admin_ to all users in the group _ArgoCDA You can now login using our new Keycloak OIDC authentication: ![Keycloak ArgoCD login](../../assets/keycloak-login.png "Keycloak ArgoCD login") + +## Troubleshoot +If ArgoCD auth returns 401 or when the login attempt leads to the loop, then restart the argocd-server pod. +``` +kubectl rollout restart deployment argocd-server -n argocd +``` diff --git a/docs/operator-manual/web_based_terminal.md b/docs/operator-manual/web_based_terminal.md index 5c791e9faa00f..3fc5807586be1 100644 --- a/docs/operator-manual/web_based_terminal.md +++ b/docs/operator-manual/web_based_terminal.md @@ -13,10 +13,20 @@ Kubernetes), then the user effectively has the same privileges as that ServiceAc ## Enabling the terminal -1. Set the `exec.enabled` key to `"true"` on the `argocd-cm` ConfigMap. +1. In the `argocd-cm` ConfigMap, set the `exec.enabled` key to `"true"`. This enables the exec feature in Argo CD. + + ``` + apiVersion: v1 + kind: ConfigMap + metadata: + name: argocd-cm + namespace: # Replace with your actual namespace + data: + exec.enabled: "true" + ``` 2. Patch the `argocd-server` Role (if using namespaced Argo) or ClusterRole (if using clustered Argo) to allow `argocd-server` -to exec into pods +to `exec` into pods - apiGroups: - "" @@ -24,14 +34,24 @@ to exec into pods - pods/exec verbs: - create + If you'd like to perform the patch imperatively, you can use the following command: + + - For namespaced Argo + ``` + kubectl patch role -n argocd - type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["*"], "resources": ["pods/exec"], "verbs": ["create"]}}]' + ``` + - For clustered Argo + ```` + kubectl patch clusterrole - type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["*"], "resources": ["pods/exec"], "verbs": ["create"]}}]' + ``` +3. Add RBAC rules to allow your users to `create` the `exec` resource i.e. -3. Add RBAC rules to allow your users to `create` the `exec` resource, i.e. + p, role:myrole, exec, create, */*, allow - p, role:myrole, exec, create, */*, allow + This can be added either to the `argocd-cm` `Configmap` manifest or an `AppProject` manifest. - -See [RBAC Configuration](rbac.md#exec-resource) for more info. + See [RBAC Configuration](rbac.md#exec-resource) for more info. ## Changing allowed shells diff --git a/docs/proposals/resource-deletion-with-approval.md b/docs/proposals/resource-deletion-with-approval.md new file mode 100644 index 0000000000000..4d843ce08fa38 --- /dev/null +++ b/docs/proposals/resource-deletion-with-approval.md @@ -0,0 +1,171 @@ +--- +title: Neat-enhancement-idea +authors: +- "@alexmt" + sponsors: +- TBD + reviewers: +- "@jessesuen" +- TBD + approvers: +- "@jessesuen" +- TBD + +creation-date: 2020-04-19 +last-updated: 2020-04-19 + +--- +# Neat Enhancement Idea + +Support manual approval for pruning and deleting Kubernetes resources during application syncing/deletion. + +## Summary + +Introduce Kubernetes resource-level annotations that require manual user approval using Argo CD UI/CLI/API before the +resource is pruned or deleted. The annotations should be respected while Argo CD attempts to synchronize or delete the +application. + +## Motivation + +We’ve seen cases where Argo CD deleted Kubernetes resources due to a bug or misconfiguration.​ Examples include [corrupted +data](https://github.com/argoproj/argo-cd/issues/4423) in Redis, user errors +([1](https://github.com/argoproj/argo-cd/issues/9093), [2](https://github.com/argoproj/argo-cd/issues/4844)) +and [bug](https://github.com/argoproj/argo-cd/issues/3473) in the automation on top of Argo CD. These examples don’t +mean Argo CD is not reliable; however, there are cases where misbehavior is catastrophic, and erroneous deletion is not +acceptable. Examples include the app-of-apps pattern where Argo CD is used to manage itself, or namespaces in production +clusters. + +### Goals + +The goals of a proposal ares: + +#### Allow developers to mark resources that require manual approval before application deletion. + +Developers should be able to add an annotation to resources that require manual approval before deletion. The annotation +should be respected by Argo CD when it attempts to delete the application. + +#### Allow developers to mark resources that require manual approval before pruning + +Developers should be able to add an annotation to resources that require manual approval before pruning. The annotation +should be respected by Argo CD when it attempts to prune extra resources while syncing the application. + +### Non-Goals + +#### Implement automatic self check while deleting resources + +We've made our best effort to implement corrected behavior, and as of now, we are not aware of any bugs that cause +erroneous deletion. The goal of this proposal is to provide a safety net for cases where deletion is not acceptable. + +## Proposal + +It is proposed to introduce two new sync options for Argo CD applications: `Prune=confirm` and `Delete=confirm`. Options would +protect resources from accidental deletion during cascading application deletion as well as during sync operations. + +### Introduce `confirm` option for Prune sync option. + +Argo CD already supports `argocd.argoproj.io/sync-options: Prune=false` sync option that prevents resource deletion while syncing +the application. This, however, is not ideal since it prevents implementing fully automated workflows that include resource deletion. + +In order to improve the situation, we propose to introduce `confirm` option for Prune sync option. When `confirm` option is set, Argo CD should pause the sync operation +**before deleting any app resources** and wait for the user to confirm the deletion. The confirmation can be done in a very friendly way using Argo CD UI, CLI or API. + +* **Sync Operation status**. I suggest not to introduce new sync operation states to avoid disturbing the existing automation around syncing (CI pipelines, scripts etc). + If Argo CD is waiting for the operation state should remain `Progressing`. Once the user confirms the deletion, the operation should resume. +* **Sync Waves**. The sync wave shuold be "paused" while Argo CD is waiting for the user to confirm the deletion. No difference from waiting for the resource to became healthy. + +### Introduce `confirm` option for Delete sync option. + +Similarly to `Prune` sync option we need to introduce `confirm` value for `Delete` sync option: `argocd.argoproj.io/sync-options: Delete=confirm`. The `confirm` option +should pause the sync operation **before deleting any app resources** and wait for the user to confirm the deletion. The confirmation can be done in a very friendly way +using Argo CD UI, CLI or API. + + +### Friendly prunning/deletion manual approval + +Since we know Argo CD is often used to implement fully automated developer workflows that include resource deletion, the +deletion approval process should be as painless as possible. This way, platform administrators can instruct end users to +apply the new prune/delete option to resources that require special care without significantly disturbing the developer +experience. + +In both cases where Argo CD requires manual approval, the user should be able to approve the deletion using Argo CD UI, +CLI, or API. The approval process should be as simple as possible and should not require the user to understand the +internals of Argo CD. + +#### New `requiresDeletionApproval` resource field in application status + +A new field `requiresDeletionApproval` should be added to the `status.resources` list items. The field should be set to `true` when the resource deletion approval is required. + +```yaml + - health: + status: Healthy + kind: Service + name: guestbook-ui + namespace: default + status: OutOfSync + version: v1 + requiresPruning: true + requiresDeletionApproval: true # new field that indicates that deletion approval is required +``` + +The Argo CD UI, CLI should visualize the `requiresDeletionApproval` field so that the user can easily discover which resources require manual approval. + +#### Approve deletion resource action + +The Argo CD UI, CLI should bundle the `Approve Deletion` [resource action](https://argo-cd.readthedocs.io/en/stable/operator-manual/resource_actions/) +that would allow the user to approve the deletion. The action should patch the resource with the `argocd.argoproj.io/deletion-approved: true` annotation. +Once annotation is applied the Argo CD should proceed with the deletion. + +The main reason to use the action is that we can reuse existing [RBAC](https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/) to control who can approve the deletion. + +#### UI/CLI Convinience to approve all resources + +The Argo CD UI should provide a convinient way to approve resources that require manual approval. The existing user interface will provide a button that allows end user +execute the `Approve Deletion` action and approve resources one by one. In addition to the single resource approval, the UI should provide a way to approve all resources +that require manual approval. The new button should execute the `Approve Deletion` action for all resources that require manual approval. + +Argo CD CLI would no need changes since existing `argocd app actions run` command allows to execute an action against multiple resources. + +#### Require deletion approval notification + +The default Argo CD notification catalog should include a trigger and notification template that notifies the user when +deletion approval is required. The notification template should include a list of resources that require approval. + + +#### Declarative approval + +The user should be able to approve resource deletion without using the UI or CLI by manually adding the `argocd.argoproj.io/deletion-approved: true` annotation to the resource. + +### Use cases + +Add a list of detailed use cases this enhancement intends to take care of. + +## Use case 1: + +As a developer, I would like to mark resources that require manual pruning approval so I can prevent the accidental deletion of critical resources. + +## Use case 2: + +As a developer, I would like to mark resources that require manual deletion approval so I can prevent the accidental deletion of critical resources. + + +### Security Considerations + +The resource approval would require a mechanism to control who can approve the deletion. The proposal to use +resource-level actions solves this problem and allows us to reuse the existing RBAC model. + +### Risks and Mitigations + +None. + +### Upgrade / Downgrade Strategy + +In case of rollback to the previous version the sync option would be ignored and the resources would be deleted as before. + +## Open Issues + +The proposal would require end users to learn about the new behavior and adjust their workflows. It includes a set of +enhancements aimed at minimizing the impact on end users. + +## Alternatives + +None. \ No newline at end of file diff --git a/docs/snyk/index.md b/docs/snyk/index.md deleted file mode 100644 index 0b14ff28d76d5..0000000000000 --- a/docs/snyk/index.md +++ /dev/null @@ -1,63 +0,0 @@ -# Snyk Scans - -Every Sunday, Snyk scans are generated for Argo CD's `master` branch and the most recent patches of the three most -recent minor releases. - -!!! note - For the most recent scans, view the [`latest` version of the docs](https://argo-cd.readthedocs.io/en/latest/snyk/). - You can return to your preferred version of the docs site using the dropdown selector at the top of the page. - -## Scans - -### master - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](master/argocd-test.html) | 0 | 0 | 7 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 3 | -| [haproxy:2.6.17-alpine](master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 1 | -| [redis:7.0.15-alpine](master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 2 | 1 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 11 | -| [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 2 | 1 | -| [install.yaml](master/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.11.3 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.11.3/argocd-test.html) | 0 | 1 | 7 | 0 | -| [ui/yarn.lock](v2.11.3/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 3 | -| [haproxy:2.6.14-alpine](v2.11.3/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 3 | -| [argocd:v2.11.3](v2.11.3/quay.io_argoproj_argocd_v2.11.3.html) | 0 | 0 | 4 | 19 | -| [redis:7.0.14-alpine](v2.11.3/redis_7.0.14-alpine.html) | 0 | 0 | 6 | 3 | -| [install.yaml](v2.11.3/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.11.3/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.10.12 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.10.12/argocd-test.html) | 0 | 1 | 8 | 0 | -| [ui/yarn.lock](v2.10.12/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.10.12/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 10 | 3 | -| [haproxy:2.6.14-alpine](v2.10.12/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 3 | -| [argocd:v2.10.12](v2.10.12/quay.io_argoproj_argocd_v2.10.12.html) | 0 | 0 | 4 | 19 | -| [redis:7.0.15-alpine](v2.10.12/redis_7.0.15-alpine.html) | 0 | 0 | 2 | 1 | -| [install.yaml](v2.10.12/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.10.12/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.9.17 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.9.17/argocd-test.html) | 0 | 2 | 8 | 0 | -| [ui/yarn.lock](v2.9.17/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.9.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 10 | 3 | -| [haproxy:2.6.14-alpine](v2.9.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 3 | -| [argocd:v2.9.17](v2.9.17/quay.io_argoproj_argocd_v2.9.17.html) | 0 | 0 | 4 | 19 | -| [redis:7.0.15-alpine](v2.9.17/redis_7.0.15-alpine.html) | 0 | 0 | 2 | 1 | -| [install.yaml](v2.9.17/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.9.17/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html deleted file mode 100644 index 7c5eefc353e7c..0000000000000 --- a/docs/snyk/master/argocd-iac-install.html +++ /dev/null @@ -1,2891 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:18:10 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/install.yaml (Kubernetes)
    • -
-
- -
-
44 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/install.yaml
Path /argo-cd/manifests/install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- high severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 17] - › - rules[5] - › - resources - -
    • - -
  • - Line number: 21103 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20788 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 20873 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20901 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 20931 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 20949 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 14] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20967 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 15] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20989 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 48] - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - imagePullPolicy - -
    • - -
  • - Line number: 22035 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 49] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 22334 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21596 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21847 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21813 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21907 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22006 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22030 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22334 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22087 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22419 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22770 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 46] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 21827 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 45] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 21596 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 46] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 21813 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 48] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 22006 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21596 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21813 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21847 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21907 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22006 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22030 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22334 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22087 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22419 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22770 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21737 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21855 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21830 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21940 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22023 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22037 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22341 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22307 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22680 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22971 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html deleted file mode 100644 index 2a7537570f30a..0000000000000 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2845 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:18:18 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
    • -
-
- -
-
43 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/namespace-install.yaml
Path /argo-cd/manifests/namespace-install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 7] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 77 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 8] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 162 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 9] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 190 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 220 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 238 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 256 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 278 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 39] - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - imagePullPolicy - -
    • - -
  • - Line number: 1112 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 40] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 1411 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 924 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 984 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1107 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1411 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1164 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1496 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1847 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 904 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 36] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 39] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 924 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 984 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1107 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1411 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1164 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1496 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1847 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 814 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 932 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 907 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1017 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1100 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1114 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1418 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1384 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1757 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 2048 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html deleted file mode 100644 index 052e1be87ae85..0000000000000 --- a/docs/snyk/master/argocd-test.html +++ /dev/null @@ -1,1283 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:16:13 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
    • -
  • /argo-cd/ui/yarn.lock (yarn)
    • -
-
- -
-
8 known vulnerabilities
-
26 vulnerable dependency paths
-
2059 dependencies
-
-
-
-
- -
-
-
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - gopkg.in/retry.v1 -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - gopkg.in/retry.v1@1.0.3 - - - -
    • -
- -
- -
- -

LGPL-3.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/r3labs/diff@1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.18.0 - › - github.com/hashicorp/go-version@1.6.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/gosimple/slug@1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
    • -
- -
- -
- -

Overview

-

github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

-

Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

-

Notes:

-
    -

  1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

    -
    2. -

  2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

    -
    3. -

  3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

    -
    4. -

  4. The vulnerability exists in the following credential types:

    -
    5. -
-

ManagedIdentityApplication (.NET)

-

ManagedIdentityApplication (Java)

-

ManagedIdentityApplication (Node.js)

-

Remediation

-

Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Template Injection

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd › ui/yarn.lock -
    • -
  • - Package Manager: npm -
    • -
  • - Vulnerable module: - - dompurify -
    • - -
  • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - argo-cd-ui@1.0.0 - › - redoc@2.0.0-rc.64 - › - dompurify@2.3.6 - - - -
    • -
- -
- -
- -

Overview

-

dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

-

Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

-

PoC

- 
<![CDATA[ ><img src onerror=alert(1)> ]]>
-
-

Remediation

-

Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html deleted file mode 100644 index 48b88de50049f..0000000000000 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html +++ /dev/null @@ -1,5400 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -

March 24th 2024, 12:19:56 am (UTC+00:00)

-======== -

June 16th 2024, 12:16:20 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
-
- Scanned the following paths: -
    -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/dex (gomodules)
    • -======== -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex (apk)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/dex (gomodules)
    • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
-
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -
42 known vulnerabilities
-
121 vulnerable dependency paths
-
786 dependencies
-======== -
34 known vulnerabilities
-
98 vulnerable dependency paths
-
829 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
-
-
-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -
-

Path Traversal

-
- -
- critical severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

-

Notes:

-
    -

  1. This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.

    -
    2. -

  2. Applications using BoundOS or in-memory filesystems are not affected by this issue.

    -
    3. -

  3. Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

    -
    4. -
-

Workaround

-

This vulnerability can be mitigated by limiting the client's use to trustworthy Git servers.

-

Remediation

-

Upgrade github.com/go-git/go-git/v5 to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- critical severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-5363

-
- -
- high severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

-

Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

-

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

-

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

-

Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

-

Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

-

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-======== -
-

Allocation of Resources Without Limits or Throttling

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
- -
- high severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/grpc -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/grpc@v1.46.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/grpc@v1.46.2 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/grpc@v1.56.1 - - - -
    • -
- -
- -
- -

Overview

-

google.golang.org/grpc is a Go implementation of gRPC

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.19.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.20.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-======== -

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Heap-based Buffer Overflow

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/mattn/go-sqlite3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/mattn/go-sqlite3@v1.14.17 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/mattn/go-sqlite3@v1.14.17 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the sessionReadRecord function in the ext/session/sqlite3session.c file. An attacker can cause a program crash or execute arbitrary code by manipulating the input to trigger a heap-based buffer overflow.

-

Remediation

-

Upgrade github.com/mattn/go-sqlite3 to version 1.14.18 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

-

Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

-

The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

-

As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Inefficient Regular Expression Complexity

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 -======== - openssl/libssl3@3.1.4-r2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/internal/encoding/json@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

-

Note:

-

This issue is related to CVE-2023-44487

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Cross-site Scripting (XSS)

-======== -

Infinite loop

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/internal/encoding/json@v1.32.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.32.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/api@v1.6.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/serf/coordinate -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl/v2 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/golang-lru/simplelru -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-version@v1.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-sockaddr -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-rootcerts -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-plugin -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin@v1.4.4 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-immutable-radix -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/errwrap -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/errwrap@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/consul/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/consul/api@v1.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/gosimple/slug@v1.12.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/go-sql-driver/mysql -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-sql-driver/mysql@v1.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Improper Handling of Highly Compressed Data (Data Amplification)

-<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Resource Consumption ('Resource Exhaustion')

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5/plumbing@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5/plumbing@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

-

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

-

Note - This is only exploitable if the client is not using the in-memory filesystem supported by the library.

-

Workaround

-

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-git/go-git/v5/plumbing to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-======== ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.1 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

-======== -

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

-

Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

-

When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

-

An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

-

The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

-

References

- ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - -
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html -

More about this vulnerability

-======== -

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
- -
-
-
-
- - - diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html deleted file mode 100644 index 1d67bfcaf8fc3..0000000000000 --- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ /dev/null @@ -1,849 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:16:29 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • public.ecr.aws/docker/library/redis:7.0.15-alpine/docker/library/redis (apk)
    • -
  • public.ecr.aws/docker/library/redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
    • -
-
- -
-
3 known vulnerabilities
-
19 vulnerable dependency paths
-
18 dependencies
-
-
-
-
- -
-
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and busybox/busybox@1.36.1-r28 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and busybox/busybox@1.36.1-r28 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4741

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.0-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - apk-tools/apk-tools@2.14.4-r0 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libssl3@3.3.0-r2 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - apk-tools/apk-tools@2.14.4-r0 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

- -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html deleted file mode 100644 index 39c8c86bb5d2d..0000000000000 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ /dev/null @@ -1,2987 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:16:46 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • quay.io/argoproj/argocd:latest/argoproj/argocd/Dockerfile (deb)
    • -
  • quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
  • quay.io/argoproj/argocd:latest//usr/local/bin/kustomize (gomodules)
    • -
  • quay.io/argoproj/argocd:latest/helm/v3//usr/local/bin/helm (gomodules)
    • -
  • quay.io/argoproj/argocd:latest/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • -
-
- -
-
21 known vulnerabilities
-
98 vulnerable dependency paths
-
2290 dependencies
-
-
-
-
- -
-
-
-

CVE-2020-22916

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - xz-utils/liblzma5 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.6.1+really5.4.5-1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.7.14build2 - › - apt/libapt-pkg6.0t64@2.7.14build2 - › - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - dash@0.5.12-6ubuntu5 - › - dpkg@1.22.6ubuntu6 - › - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.7.14build2 - › - adduser@3.137ubuntu1 - › - shadow/passwd@1:4.13+dfsg1-4ubuntu3 - › - pam/libpam-modules@1.5.3-5ubuntu5.1 - › - systemd/libsystemd0@255.4-1ubuntu8.1 - › - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 xz-utils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Information Exposure

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - libgcrypt20 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.10.3-2build1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - libgcrypt20@1.10.3-2build1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/dirmngr@2.4.4-2ubuntu17 - › - libgcrypt20@1.10.3-2build1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/gpg@2.4.4-2ubuntu17 - › - libgcrypt20@1.10.3-2build1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/gpg-agent@2.4.4-2ubuntu17 - › - libgcrypt20@1.10.3-2build1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.7.14build2 - › - apt/libapt-pkg6.0t64@2.7.14build2 - › - libgcrypt20@1.10.3-2build1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.7.14build2 - › - gnupg2/gpgv@2.4.4-2ubuntu17 - › - libgcrypt20@1.10.3-2build1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/gpg@2.4.4-2ubuntu17 - › - gnupg2/gpgconf@2.4.4-2ubuntu17 - › - libgcrypt20@1.10.3-2build1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.7.14build2 - › - adduser@3.137ubuntu1 - › - shadow/passwd@1:4.13+dfsg1-4ubuntu3 - › - pam/libpam-modules@1.5.3-5ubuntu5.1 - › - systemd/libsystemd0@255.4-1ubuntu8.1 - › - libgcrypt20@1.10.3-2build1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 libgcrypt20.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26462

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssh/openssh-client@1:9.6p1-3ubuntu13 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - libssh/libssh-4@0.10.6-2build2 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - krb5/krb5-locales@1.20.1-6ubuntu2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - gopkg.in/retry.v1 -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - gopkg.in/retry.v1@v1.0.3 - - - -
    • -
- -
- -
- -

LGPL-3.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/r3labs/diff@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-version@v1.6.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-multierror -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - github.com/hashicorp/go-multierror@v1.1.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/gosimple/slug@v1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Release of Invalid Pointer or Reference

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - patch@2.7.6-7build3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Double Free

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - patch@2.7.6-7build3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3t64 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3t64@3.0.13-0ubuntu3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - coreutils@9.4-3ubuntu6 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - libfido2/libfido2-1@1.14.0-1build3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssh/openssh-client@1:9.6p1-3ubuntu13 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - ca-certificates@20240203 - › - openssl@3.0.13-0ubuntu3.1 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - libssh/libssh-4@0.10.6-2build2 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 - › - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssl@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - ca-certificates@20240203 - › - openssl@3.0.13-0ubuntu3.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3t64 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3t64@3.0.13-0ubuntu3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - coreutils@9.4-3ubuntu6 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - libfido2/libfido2-1@1.14.0-1build3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssh/openssh-client@1:9.6p1-3ubuntu13 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - ca-certificates@20240203 - › - openssl@3.0.13-0ubuntu3.1 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - libssh/libssh-4@0.10.6-2build2 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 - › - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssl@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - ca-certificates@20240203 - › - openssl@3.0.13-0ubuntu3.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4741

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3t64 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3t64@3.0.13-0ubuntu3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - coreutils@9.4-3ubuntu6 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - libfido2/libfido2-1@1.14.0-1build3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssh/openssh-client@1:9.6p1-3ubuntu13 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - ca-certificates@20240203 - › - openssl@3.0.13-0ubuntu3.1 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - libssh/libssh-4@0.10.6-2build2 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 - › - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 - › - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssl@3.0.13-0ubuntu3.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - ca-certificates@20240203 - › - openssl@3.0.13-0ubuntu3.1 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26458

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssh/openssh-client@1:9.6p1-3ubuntu13 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - libssh/libssh-4@0.10.6-2build2 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - krb5/krb5-locales@1.20.1-6ubuntu2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26461

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - › - krb5/libk5crypto3@1.20.1-6ubuntu2 - › - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - › - krb5/libkrb5-3@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - openssh/openssh-client@1:9.6p1-3ubuntu13 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - › - libssh/libssh-4@0.10.6-2build2 - › - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - krb5/krb5-locales@1.20.1-6ubuntu2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - gnupg2/gpgv -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.4-2ubuntu17 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/gpgv@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - apt@2.7.14build2 - › - gnupg2/gpgv@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/dirmngr@2.4.4-2ubuntu17 - › - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/gpg-agent@2.4.4-2ubuntu17 - › - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/gpg@2.4.4-2ubuntu17 - › - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/dirmngr@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/gpg@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - gnupg2/gpg-agent@2.4.4-2ubuntu17 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 gnupg2.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - glibc/libc-bin -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.39-0ubuntu8.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - glibc/libc-bin@2.39-0ubuntu8.2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - glibc/libc6@2.39-0ubuntu8.2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 glibc.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - git/git-man -
    • - -
  • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - › - git/git-man@1:2.43.0-1ubuntu7.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git@1:2.43.0-1ubuntu7.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - git-lfs@3.4.1-1 - › - git@1:2.43.0-1ubuntu7.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

-

Remediation

-

There is no fixed version for Ubuntu:24.04 git.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:24.04 -
    • -
  • - Vulnerable module: - - coreutils -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and coreutils@9.4-3ubuntu6 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - › - coreutils@9.4-3ubuntu6 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

-

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

-

Remediation

-

There is no fixed version for Ubuntu:24.04 coreutils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/master/redis_7.0.15-alpine.html b/docs/snyk/master/redis_7.0.15-alpine.html deleted file mode 100644 index acd74bb326905..0000000000000 --- a/docs/snyk/master/redis_7.0.15-alpine.html +++ /dev/null @@ -1,849 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:16:50 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • redis:7.0.15-alpine (apk)
    • -
  • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
    • -
-
- -
-
3 known vulnerabilities
-
19 vulnerable dependency paths
-
18 dependencies
-
-
-
-
- -
-
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and busybox/busybox@1.36.1-r28 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and busybox/busybox@1.36.1-r28 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4741

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.0-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - apk-tools/apk-tools@2.14.4-r0 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libssl3@3.3.0-r2 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - apk-tools/apk-tools@2.14.4-r0 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

- -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.10.12/argocd-iac-install.html b/docs/snyk/v2.10.12/argocd-iac-install.html deleted file mode 100644 index 6a8ba1ca661f5..0000000000000 --- a/docs/snyk/v2.10.12/argocd-iac-install.html +++ /dev/null @@ -1,2891 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:22:32 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/install.yaml (Kubernetes)
    • -
-
- -
-
44 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/install.yaml
Path /argo-cd/manifests/install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- high severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 17] - › - rules[5] - › - resources - -
    • - -
  • - Line number: 20895 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20580 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 20665 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20693 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 20723 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 20741 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 14] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20759 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 15] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20781 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 48] - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - imagePullPolicy - -
    • - -
  • - Line number: 21827 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 49] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 22108 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21388 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21639 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21605 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21699 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21798 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21822 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22108 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21879 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22193 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22544 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 46] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 21619 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 45] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 21388 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 46] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 21605 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 48] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 21798 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21388 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21605 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21639 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21699 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21798 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21822 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22108 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21879 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22193 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22544 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21529 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21647 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21622 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21732 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21815 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21829 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22115 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22081 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22454 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22745 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/v2.10.12/argocd-iac-namespace-install.html b/docs/snyk/v2.10.12/argocd-iac-namespace-install.html deleted file mode 100644 index 3cd5485060f32..0000000000000 --- a/docs/snyk/v2.10.12/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2845 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:22:41 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
    • -
-
- -
-
43 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/namespace-install.yaml
Path /argo-cd/manifests/namespace-install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 7] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 77 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 8] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 162 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 9] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 190 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 220 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 238 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 256 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 278 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 39] - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - imagePullPolicy - -
    • - -
  • - Line number: 1112 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 40] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 1393 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 924 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 984 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1107 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1393 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1164 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1478 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1829 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 904 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 36] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 39] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 924 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 984 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1107 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1393 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1164 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1478 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1829 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 814 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 932 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 907 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1017 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1100 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1114 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1400 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1366 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1739 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 2030 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/v2.10.12/argocd-test.html b/docs/snyk/v2.10.12/argocd-test.html deleted file mode 100644 index 414a175433e7f..0000000000000 --- a/docs/snyk/v2.10.12/argocd-test.html +++ /dev/null @@ -1,6009 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/v2.7.17/argocd-test.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/argocd-test.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/v2.7.17/argocd-test.html -

March 24th 2024, 12:21:51 am (UTC+00:00)

-======== -

June 16th 2024, 12:20:42 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/argocd-test.html -
-
- Scanned the following paths: -
    -
  • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
    • -
  • /argo-cd/ui/yarn.lock (yarn)
    • -
-
- -
-
10 known vulnerabilities
-<<<<<<<< HEAD:docs/snyk/v2.7.17/argocd-test.html -
106 vulnerable dependency paths
-
1755 dependencies
-======== -
171 vulnerable dependency paths
-
2042 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/argocd-test.html -
-
-
-
- -
-
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- high severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.7.17/argocd-test.html - Manifest file: /argo-cd › ui/yarn.lock -
    • -
  • - Package Manager: npm -======== - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/argocd-test.html -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - -<<<<<<<< HEAD:docs/snyk/v2.7.17/argocd-test.html - argo-cd-ui@1.0.0, superagent@8.0.9 and others -======== - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/argocd-test.html -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.7.17/argocd-test.html - superagent@8.0.9 - › - semver@7.3.8 -======== - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/soheilhy/cmux@0.1.5 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/record@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.46.1 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/apps/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/api/rbac/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/errors@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/equality@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.59.0 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.59.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/core/v1@0.26.11 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.26.11 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/testing@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/resource@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/util/retry@0.26.11 - › - k8s.io/apimachinery/pkg/api/errors@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/portforward@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - › - k8s.io/apimachinery/pkg/api/equality@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/validation@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/core/v1@0.26.11 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/record@0.26.11 - › - k8s.io/client-go/tools/reference@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/apps/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.26.11 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes@0.26.11 - › - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - › - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - › - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 - › - k8s.io/kubectl/pkg/cmd/util@0.26.11 - › - k8s.io/kubectl/pkg/validation@0.26.11 - › - k8s.io/cli-runtime/pkg/resource@0.26.11 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes@0.26.11 - › - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#fbecbb86e412 - › - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - › - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - › - k8s.io/api/storage/v1alpha1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/argocd-test.html - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - gopkg.in/retry.v1 -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - gopkg.in/retry.v1@1.0.3 - - - -
    • -
- -
- -
- -

LGPL-3.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Regular Expression Denial of Service (ReDoS)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/whilp/git-urls -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/whilp/git-urls@1.0.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/whilp/git-urls@1.0.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/whilp/git-urls@1.0.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/whilp/git-urls@1.0.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/whilp/git-urls@1.0.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/whilp/git-urls@1.0.2 - - - -
    • -
- -
- -
- -

Overview

-

github.com/whilp/git-urls is a Git URLs parser

-

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

-

Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

-

PoC

- 

-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

-

The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

-

Let’s take the following regular expression as an example:

- 
regex = /A(B|C+)+D/
-
-

This regular expression accomplishes the following:

-
    -
  • A The string must start with the letter 'A'
    • -
  • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • -
  • D Finally, we ensure this section of the string ends with a 'D'
    • -
-

The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

-

It most cases, it doesn't take very long for a regex engine to find a match:

- 
$ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
-

The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

-

Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

-

Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

-
    -
  1. CCC
    2. -
  2. CC+C
    3. -
  3. C+CC
    4. -
  4. C+C+C.
    5. -
-

The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

-

From there, the number of steps the engine must use to validate a string just continues to grow.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StringNumber of C'sNumber of steps
ACCCX338
ACCCCX471
ACCCCCX5136
ACCCCCCCCCCCCCCX1465,553
-

By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

-

Remediation

-

There is no fixed version for github.com/whilp/git-urls.

-

References

- - -
- -
-<<<<<<<< HEAD:docs/snyk/v2.7.17/argocd-test.html -

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/grpc/http@#a4dd357b057e - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/grpc/http@#a4dd357b057e - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/grpc/http@#a4dd357b057e - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-======== -

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/argocd-test.html -
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/r3labs/diff@1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.15.1 - › - github.com/hashicorp/go-version@1.2.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - › - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/gosimple/slug@1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
    • -
- -
- -
- -

Overview

-

github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

-

Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

-

Notes:

-
    -

  1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

    -
    2. -

  2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

    -
    3. -

  3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

    -
    4. -

  4. The vulnerability exists in the following credential types:

    -
    5. -
-

ManagedIdentityApplication (.NET)

-

ManagedIdentityApplication (Java)

-

ManagedIdentityApplication (Node.js)

-

Remediation

-

Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Template Injection

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd › ui/yarn.lock -
    • -
  • - Package Manager: npm -
    • -
  • - Vulnerable module: - - dompurify -
    • - -
  • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - argo-cd-ui@1.0.0 - › - redoc@2.0.0-rc.64 - › - dompurify@2.3.6 - - - -
    • -
- -
- -
- -

Overview

-

dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

-

Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

-

PoC

- 
<![CDATA[ ><img src onerror=alert(1)> ]]>
-
-

Remediation

-

Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.10.12/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.10.12/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index 61dda6fca436a..0000000000000 --- a/docs/snyk/v2.10.12/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,5205 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:20:48 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/dex (gomodules)
    • -
-
- -
-
49 known vulnerabilities
-
157 vulnerable dependency paths
-
786 dependencies
-
-
-
-
- -
-
-
-

Path Traversal

-
- -
- critical severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

-

Notes:

-
    -

  1. This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.

    -
    2. -

  2. Applications using BoundOS or in-memory filesystems are not affected by this issue.

    -
    3. -

  3. Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

    -
    4. -
-

Workaround

-

This vulnerability can be mitigated by limiting the client's use to trustworthy Git servers.

-

Remediation

-

Upgrade github.com/go-git/go-git/v5 to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- critical severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-5363

-
- -
- high severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

-

Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

-

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

-

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

-

Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

-

Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

-

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/grpc -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/grpc@v1.46.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/grpc@v1.46.2 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/grpc@v1.56.1 - - - -
    • -
- -
- -
- -

Overview

-

google.golang.org/grpc is a Go implementation of gRPC

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Heap-based Buffer Overflow

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/mattn/go-sqlite3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/mattn/go-sqlite3@v1.14.17 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/mattn/go-sqlite3@v1.14.17 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the sessionReadRecord function in the ext/session/sqlite3session.c file. An attacker can cause a program crash or execute arbitrary code by manipulating the input to trigger a heap-based buffer overflow.

-

Remediation

-

Upgrade github.com/mattn/go-sqlite3 to version 1.14.18 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Authentication

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

-

Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

-

The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

-

As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Inefficient Regular Expression Complexity

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

-

The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

-

However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

-

An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

-

The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

-

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Excessive Iteration

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

-

The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

-

An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

-

The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

-

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/internal/encoding/json@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

-

Note:

-

This issue is related to CVE-2023-44487

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Cross-site Scripting (XSS)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/html -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/html@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

-

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

-

Details

-

A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

-

This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

-

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

-

Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

-

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

-

Types of attacks

-

There are a few methods by which XSS can be manipulated:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TypeOriginDescription
StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
-

Affected environments

-

The following environments are susceptible to an XSS attack:

-
    -
  • Web servers
    • -
  • Application servers
    • -
  • Web application environments
    • -
-

How to prevent

-

This section describes the top best practices designed to specifically protect your code:

-
    -
  • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
    • -
  • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
    • -
  • Give users the option to disable client-side scripts.
    • -
  • Redirect invalid requests.
    • -
  • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
    • -
  • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
    • -
  • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
    • -
-

Remediation

-

Upgrade golang.org/x/net/html to version 0.13.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/consts@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/physical@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/physical/inmem@v0.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/api@v1.6.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/serf/coordinate -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl/v2 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/parser@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/strconv@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/json/parser@v1.0.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/golang-lru/simplelru -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-version@v1.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-sockaddr -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-rootcerts -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-plugin -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin@v1.4.4 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-immutable-radix -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/errwrap -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/errwrap@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/consul/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/consul/api@v1.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/gosimple/slug@v1.12.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/go-sql-driver/mysql -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-sql-driver/mysql@v1.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Improper Handling of Highly Compressed Data (Data Amplification)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Resource Consumption ('Resource Exhaustion')

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5/plumbing@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5/plumbing@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

-

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

-

Note - This is only exploitable if the client is not using the in-memory filesystem supported by the library.

-

Workaround

-

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-git/go-git/v5/plumbing to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

-

Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

-

When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

-

An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

-

The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html b/docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html deleted file mode 100644 index 313823547dd9d..0000000000000 --- a/docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,5920 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html -

March 24th 2024, 12:21:56 am (UTC+00:00)

-======== -

June 16th 2024, 12:20:52 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html -
-
- Scanned the following path: -
    -<<<<<<<< HEAD:docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/dex (gomodules)
    • -======== -
  • haproxy:2.6.14-alpine (apk)
    • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html -
-
- -
-<<<<<<<< HEAD:docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html -
42 known vulnerabilities
-
121 vulnerable dependency paths
-
786 dependencies
-======== -
11 known vulnerabilities
-
83 vulnerable dependency paths
-
18 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html -
-
-
-
-
- - - - - - - -
Project docker-image|haproxy
Path haproxy:2.6.14-alpine
Package Manager apk
-
-
-
-<<<<<<<< HEAD:docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html -
-

Path Traversal

-
- -
- critical severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

-

Notes:

-
    -

  1. This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.

    -
    2. -

  2. Applications using BoundOS or in-memory filesystems are not affected by this issue.

    -
    3. -

  3. Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

    -
    4. -
-

Workaround

-

This vulnerability can be mitigated by limiting the client's use to trustworthy Git servers.

-

Remediation

-

Upgrade github.com/go-git/go-git/v5 to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- critical severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-5363

-
- -
- high severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

-

Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

-

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

-

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

-

Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

-

Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

-

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/grpc -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/grpc@v1.46.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/grpc@v1.46.2 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/grpc@v1.56.1 - - - -
    • -
- -
- -
- -

Overview

-

google.golang.org/grpc is a Go implementation of gRPC

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Heap-based Buffer Overflow

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/mattn/go-sqlite3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/mattn/go-sqlite3@v1.14.17 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/mattn/go-sqlite3@v1.14.17 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the sessionReadRecord function in the ext/session/sqlite3session.c file. An attacker can cause a program crash or execute arbitrary code by manipulating the input to trigger a heap-based buffer overflow.

-

Remediation

-

Upgrade github.com/mattn/go-sqlite3 to version 1.14.18 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Authentication

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

-

Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

-

The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

-

As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Inefficient Regular Expression Complexity

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

-

The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

-

However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

-

An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

-

The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

-

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Excessive Iteration

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

-

The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

-

An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

-

The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

-

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/internal/encoding/json@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

-

Note:

-

This issue is related to CVE-2023-44487

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Cross-site Scripting (XSS)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/html -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/html@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

-

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

-

Details

-

A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

-

This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

-

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

-

Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

-

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

-

Types of attacks

-

There are a few methods by which XSS can be manipulated:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TypeOriginDescription
StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
-

Affected environments

-

The following environments are susceptible to an XSS attack:

-
    -
  • Web servers
    • -
  • Application servers
    • -
  • Web application environments
    • -
-

How to prevent

-

This section describes the top best practices designed to specifically protect your code:

-
    -
  • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
    • -
  • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
    • -
  • Give users the option to disable client-side scripts.
    • -
  • Redirect invalid requests.
    • -
  • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
    • -
  • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
    • -
  • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
    • -
-

Remediation

-

Upgrade golang.org/x/net/html to version 0.13.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/consts@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/physical@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/physical/inmem@v0.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/api@v1.6.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/serf/coordinate -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl/v2 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/parser@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/strconv@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/json/parser@v1.0.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/golang-lru/simplelru -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-version@v1.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-sockaddr -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-rootcerts -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-plugin -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin@v1.4.4 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-immutable-radix -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/errwrap -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/errwrap@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/consul/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/consul/api@v1.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/gosimple/slug@v1.12.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/go-sql-driver/mysql -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-sql-driver/mysql@v1.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Improper Handling of Highly Compressed Data (Data Amplification)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Resource Consumption ('Resource Exhaustion')

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5/plumbing@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5/plumbing@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

-

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

-

Note - This is only exploitable if the client is not using the in-memory filesystem supported by the library.

-

Workaround

-

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-git/go-git/v5/plumbing to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-======== -
-

CVE-2023-5363

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html -
- -
- high severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-<<<<<<<< HEAD:docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html -

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

-======== -

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

-

Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

-

When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

-

An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

-

The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.10.12/quay.io_argoproj_argocd_v2.10.12.html b/docs/snyk/v2.10.12/quay.io_argoproj_argocd_v2.10.12.html deleted file mode 100644 index ad04736403f86..0000000000000 --- a/docs/snyk/v2.10.12/quay.io_argoproj_argocd_v2.10.12.html +++ /dev/null @@ -1,4775 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:21:08 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • quay.io/argoproj/argocd:v2.10.12/argoproj/argocd/Dockerfile (deb)
    • -
  • quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.10.12//usr/local/bin/kustomize (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.10.12/helm/v3//usr/local/bin/helm (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.10.12/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • -
-
- -
-
31 known vulnerabilities
-
197 vulnerable dependency paths
-
2278 dependencies
-
-
-
-
- -
-
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/net/http2@v0.19.0 - - - -
    • -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.17.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2020-22916

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - xz-utils/liblzma5 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and xz-utils/liblzma5@5.2.5-2ubuntu1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - xz-utils/liblzma5@5.2.5-2ubuntu1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 xz-utils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Resource Exhaustion

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and openssl/libssl3@3.0.2-0ubuntu1.15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Information Exposure

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - libgcrypt20 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and libgcrypt20@1.9.4-3ubuntu3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 libgcrypt20.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26462

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - gopkg.in/retry.v1 -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - gopkg.in/retry.v1@v1.0.3 - - - -
    • -
- -
- -
- -

LGPL-3.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/r3labs/diff@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-version@v1.2.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-multierror -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - github.com/hashicorp/go-multierror@v1.1.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/gosimple/slug@v1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-7008

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and systemd/libsystemd0@249.11-0ubuntu3.12 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - procps/libprocps8@2:3.3.17-6ubuntu2.1 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - util-linux@2.37.2-4ubuntu3.4 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - util-linux@2.37.2-4ubuntu3.4 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 systemd.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Arbitrary Code Injection

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - shadow/passwd -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and shadow/passwd@1:4.8.1-2ubuntu2.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - shadow/login@1:4.8.1-2ubuntu2.2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 shadow.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Recursion

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - pcre3/libpcre3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - grep@3.7-1build1 - › - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 pcre3.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Release of Invalid Pointer or Reference

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and patch@2.7.6-7build2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - patch@2.7.6-7build2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Double Free

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and patch@2.7.6-7build2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - patch@2.7.6-7build2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and openssl/libssl3@3.0.2-0ubuntu1.15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and openssl/libssl3@3.0.2-0ubuntu1.15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4741

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and openssl/libssl3@3.0.2-0ubuntu1.15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-50495

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - bash@5.1-6ubuntu1.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - less@590-1ubuntu0.22.04.3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libedit/libedit2@3.1-20210910-1build1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - util-linux@2.37.2-4ubuntu3.4 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-45918

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - bash@5.1-6ubuntu1.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - less@590-1ubuntu0.22.04.3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libedit/libedit2@3.1-20210910-1build1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - util-linux@2.37.2-4ubuntu3.4 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Resource Exhaustion

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - libzstd/libzstd1 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 libzstd.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Integer Overflow or Wraparound

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26461

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26458

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnupg2/gpgv -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnupg2.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - glibc/libc-bin -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and glibc/libc-bin@2.35-0ubuntu3.8 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - glibc/libc-bin@2.35-0ubuntu3.8 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - glibc/libc6@2.35-0ubuntu3.8 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 glibc.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - git/git-man -
    • - -
  • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.10.12, git@1:2.34.1-1ubuntu1.11 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - › - git/git-man@1:2.34.1-1ubuntu1.11 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git@1:2.34.1-1ubuntu1.11 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - git-lfs@3.0.2-1ubuntu0.2 - › - git@1:2.34.1-1ubuntu1.11 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

-

Remediation

-

There is no fixed version for Ubuntu:22.04 git.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Recursion

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gcc-12/libstdc++6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gcc-12.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - coreutils -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and coreutils@8.32-4.1ubuntu1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - › - coreutils@8.32-4.1ubuntu1.2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 coreutils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.10.12/redis_7.0.15-alpine.html b/docs/snyk/v2.10.12/redis_7.0.15-alpine.html deleted file mode 100644 index b2c73a984eee9..0000000000000 --- a/docs/snyk/v2.10.12/redis_7.0.15-alpine.html +++ /dev/null @@ -1,849 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:21:13 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • redis:7.0.15-alpine (apk)
    • -
  • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
    • -
-
- -
-
3 known vulnerabilities
-
19 vulnerable dependency paths
-
18 dependencies
-
-
-
-
- -
-
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and busybox/busybox@1.36.1-r28 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and busybox/busybox@1.36.1-r28 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4741

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.0-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - apk-tools/apk-tools@2.14.4-r0 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libssl3@3.3.0-r2 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - apk-tools/apk-tools@2.14.4-r0 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

- -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.11.3/argocd-iac-install.html b/docs/snyk/v2.11.3/argocd-iac-install.html deleted file mode 100644 index 2dc45d9f164b0..0000000000000 --- a/docs/snyk/v2.11.3/argocd-iac-install.html +++ /dev/null @@ -1,2891 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:20:24 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/install.yaml (Kubernetes)
    • -
-
- -
-
44 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/install.yaml
Path /argo-cd/manifests/install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- high severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 17] - › - rules[5] - › - resources - -
    • - -
  • - Line number: 21059 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20744 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 20829 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20857 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 20887 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 20905 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 14] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20923 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 15] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20945 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 48] - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - imagePullPolicy - -
    • - -
  • - Line number: 21991 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 49] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 22278 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21552 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21803 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21769 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21863 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21962 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21986 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22278 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22043 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22363 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22714 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 46] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 21783 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 45] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 21552 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 46] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 21769 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 48] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 21962 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21552 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21769 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21803 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21863 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21962 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21986 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22278 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22043 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22363 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22714 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21693 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21811 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21786 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21896 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21979 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21993 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22285 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22251 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 50] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22624 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 51] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22915 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/v2.11.3/argocd-iac-namespace-install.html b/docs/snyk/v2.11.3/argocd-iac-namespace-install.html deleted file mode 100644 index cb97e86b53b51..0000000000000 --- a/docs/snyk/v2.11.3/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2845 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:20:33 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
    • -
-
- -
-
43 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/namespace-install.yaml
Path /argo-cd/manifests/namespace-install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 7] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 77 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 8] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 162 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 9] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 190 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 220 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 238 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 256 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 278 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 39] - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - imagePullPolicy - -
    • - -
  • - Line number: 1112 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 40] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 1399 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 924 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 984 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1107 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1399 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1164 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1484 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1835 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 904 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 36] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 39] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 890 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 924 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 984 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1083 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1107 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1399 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1164 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1484 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1835 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 814 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 932 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 907 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1017 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1100 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1114 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1406 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1372 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1745 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 2036 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/v2.11.3/argocd-test.html b/docs/snyk/v2.11.3/argocd-test.html deleted file mode 100644 index 1472267baea59..0000000000000 --- a/docs/snyk/v2.11.3/argocd-test.html +++ /dev/null @@ -1,5791 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

March 24th 2024, 12:19:50 am (UTC+00:00)

-======== -

June 16th 2024, 12:18:30 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
-
- Scanned the following paths: -
    -
  • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
    • -
  • /argo-cd/ui/yarn.lock (yarn)
    • -
-
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -
12 known vulnerabilities
-
108 vulnerable dependency paths
-
1856 dependencies
-======== -
9 known vulnerabilities
-
165 vulnerable dependency paths
-
2041 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
-
-
-
- -
-
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

Denial of Service (DoS)

-======== -

Allocation of Resources Without Limits or Throttling

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
- -
- high severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/go-jose/go-jose/v3 -======== - golang.org/x/net/http2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
    • - -
  • Introduced through: - - -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others -======== - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/coreos/go-oidc/v3/oidc@3.6.0 - › - github.com/go-jose/go-jose/v3@3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - gopkg.in/retry.v1 -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - gopkg.in/retry.v1@1.0.3 - - - -
    • -
- -
- -
- -

LGPL-3.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - github.com/soheilhy/cmux@0.1.5 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/record@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.46.1 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/apps/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/api/rbac/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/errors@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/equality@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.59.0 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.59.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/core/v1@0.26.11 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.26.11 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/testing@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/resource@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/util/retry@0.26.11 - › - k8s.io/apimachinery/pkg/api/errors@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/portforward@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - › - k8s.io/apimachinery/pkg/api/equality@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/validation@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/core/v1@0.26.11 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/record@0.26.11 - › - k8s.io/client-go/tools/reference@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/apps/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.26.11 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes@0.26.11 - › - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - › - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - › - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 - › - k8s.io/kubectl/pkg/cmd/util@0.26.11 - › - k8s.io/kubectl/pkg/validation@0.26.11 - › - k8s.io/cli-runtime/pkg/resource@0.26.11 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - k8s.io/client-go/kubernetes@0.26.11 - › - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#fbecbb86e412 - › - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - › - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - › - k8s.io/api/storage/v1alpha1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - sigs.k8s.io/controller-runtime@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 -======== - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
- -
- -
- -

Overview

-<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

-
    -
  • GitHub Commit
    • -
  • GitHub Issue
    • -======== -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

    More about this vulnerability

    -======== -

    More about this vulnerability

    ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
    - -
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

Infinite loop

-======== -

LGPL-3.0 license

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - google.golang.org/protobuf/encoding/protojson -======== - gopkg.in/retry.v1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.58.3 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.58.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.58.3 - › - google.golang.org/grpc/internal/transport@1.58.3 - › - google.golang.org/grpc/internal/pretty@1.58.3 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 -======== ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 -======== - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - gopkg.in/retry.v1@1.0.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
- -
- -
- -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- -======== -

LGPL-3.0 license

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - -
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

More about this vulnerability

-======== -

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/r3labs/diff@1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.15.1 - › - github.com/hashicorp/go-version@1.2.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/xanzy/go-gitlab@0.86.0 -======== - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -======== - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/xanzy/go-gitlab@0.86.0 -======== - github.com/xanzy/go-gitlab@0.91.1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/xanzy/go-gitlab@0.86.0 -======== - github.com/xanzy/go-gitlab@0.91.1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 - › - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 -======== - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/gosimple/slug@1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

Improper Handling of Highly Compressed Data (Data Amplification)

-======== -

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/go-jose/go-jose/v3 -======== - github.com/Azure/azure-sdk-for-go/sdk/azidentity ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
    • - -
  • Introduced through: - - -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others -======== - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html - github.com/coreos/go-oidc/v3/oidc@3.6.0 - › - github.com/go-jose/go-jose/v3@3.0.0 -======== - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html - - - -
    • -
- -
- -
- -

Overview

-<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

-
    -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -======== -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -<<<<<<<< HEAD:docs/snyk/v2.8.13/argocd-test.html -

    More about this vulnerability

    -======== -

    More about this vulnerability

    -
    - -
-
-

Template Injection

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd › ui/yarn.lock -
    • -
  • - Package Manager: npm -
    • -
  • - Vulnerable module: - - dompurify -
    • - -
  • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - argo-cd-ui@1.0.0 - › - redoc@2.0.0-rc.64 - › - dompurify@2.3.6 - - - -
    • -
- -
- -
- -

Overview

-

dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

-

Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

-

PoC

- 
<![CDATA[ ><img src onerror=alert(1)> ]]>
-
-

Remediation

-

Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

-

References

- - -
- -
-

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/argocd-test.html -
- -
-
-
-
- - - diff --git a/docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html deleted file mode 100644 index 685cf28ef9934..0000000000000 --- a/docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html +++ /dev/null @@ -1,5400 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -

March 24th 2024, 12:17:49 am (UTC+00:00)

-======== -

June 16th 2024, 12:18:36 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
-
- Scanned the following paths: -
    -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/dex (gomodules)
    • -======== -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex (apk)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/dex (gomodules)
    • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
-
- -
-<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -
42 known vulnerabilities
-
121 vulnerable dependency paths
-
786 dependencies
-======== -
34 known vulnerabilities
-
98 vulnerable dependency paths
-
829 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
-
-
-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -
-

Path Traversal

-
- -
- critical severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

-

Notes:

-
    -

  1. This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.

    -
    2. -

  2. Applications using BoundOS or in-memory filesystems are not affected by this issue.

    -
    3. -

  3. Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

    -
    4. -
-

Workaround

-

This vulnerability can be mitigated by limiting the client's use to trustworthy Git servers.

-

Remediation

-

Upgrade github.com/go-git/go-git/v5 to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- critical severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-5363

-
- -
- high severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

-

Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

-

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

-

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

-

Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

-

Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

-

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-======== -
-

Allocation of Resources Without Limits or Throttling

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
- -
- high severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/grpc -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/grpc@v1.46.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/grpc@v1.46.2 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/grpc@v1.56.1 - - - -
    • -
- -
- -
- -

Overview

-

google.golang.org/grpc is a Go implementation of gRPC

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.19.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.20.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-======== -

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Heap-based Buffer Overflow

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/mattn/go-sqlite3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/mattn/go-sqlite3@v1.14.17 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/mattn/go-sqlite3@v1.14.17 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the sessionReadRecord function in the ext/session/sqlite3session.c file. An attacker can cause a program crash or execute arbitrary code by manipulating the input to trigger a heap-based buffer overflow.

-

Remediation

-

Upgrade github.com/mattn/go-sqlite3 to version 1.14.18 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

-

Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

-

The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

-

As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Inefficient Regular Expression Complexity

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 -======== - openssl/libssl3@3.1.4-r2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/internal/encoding/json@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

-

Note:

-

This issue is related to CVE-2023-44487

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Cross-site Scripting (XSS)

-======== -

Infinite loop

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/internal/encoding/json@v1.32.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.32.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/api@v1.6.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/serf/coordinate -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl/v2 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/golang-lru/simplelru -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-version@v1.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-sockaddr -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-rootcerts -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-plugin -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin@v1.4.4 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-immutable-radix -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/errwrap -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/errwrap@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/consul/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/consul/api@v1.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/gosimple/slug@v1.12.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -======== - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/go-sql-driver/mysql -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-sql-driver/mysql@v1.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Improper Handling of Highly Compressed Data (Data Amplification)

-<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Resource Consumption ('Resource Exhaustion')

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5/plumbing@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5/plumbing@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

-

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

-

Note - This is only exploitable if the client is not using the in-memory filesystem supported by the library.

-

Workaround

-

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-git/go-git/v5/plumbing to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-======== ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.1 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

-======== -

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

-

Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

-

When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

-

An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

-

The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

-

References

- ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html - -
- -
-<<<<<<<< HEAD:docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html -

More about this vulnerability

-======== -

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html -
- -
-
-
-
- - - diff --git a/docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html b/docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html deleted file mode 100644 index d3ea8e6abbab6..0000000000000 --- a/docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,4212 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -

March 24th 2024, 12:15:32 am (UTC+00:00)

-======== -

June 16th 2024, 12:18:41 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html -
-
- Scanned the following path: -
    -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex (apk)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/dex (gomodules)
    • -======== -
  • haproxy:2.6.14-alpine (apk)
    • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html -
-
- -
-<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
27 known vulnerabilities
-
62 vulnerable dependency paths
-
829 dependencies
-======== -
11 known vulnerabilities
-
83 vulnerable dependency paths
-
18 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html -
-
-
-
-
- - - - - - - -
Project docker-image|haproxy
Path haproxy:2.6.14-alpine
Package Manager apk
-
-
-
-<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/internal/encoding/json@v1.32.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.32.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/api@v1.6.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/serf/coordinate -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl/v2 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/golang-lru/simplelru -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-version@v1.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-sockaddr -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-rootcerts -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-plugin -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin@v1.4.4 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-immutable-radix -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/errwrap -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/errwrap@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/consul/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/consul/api@v1.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/gosimple/slug@v1.12.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/go-sql-driver/mysql -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-sql-driver/mysql@v1.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Improper Handling of Highly Compressed Data (Data Amplification)

-
- -
- medium severity -======== -
-

CVE-2023-5363

-
- -
- high severity ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.1 -======== - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.1 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libcrypto3@3.1.4-r2 -======== - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - docker-image|ghcr.io/dexidp/dex@v2.38.0 -======== - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - › - apk-tools/apk-tools@2.14.0-r5 - › -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - openssl/libcrypto3@3.1.4-r2 -======== - openssl/libcrypto3@3.1.2-r0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 -======== - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - docker-image|ghcr.io/dexidp/dex@v2.38.0 -======== - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - › - apk-tools/apk-tools@2.14.0-r5 - › -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 -======== - openssl/libssl3@3.1.2-r0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 -======== - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-<<<<<<<< HEAD:docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html -

Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

-======== -

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/haproxy_2.6.14-alpine.html - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

-

Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

-

When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

-

An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

-

The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html b/docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html deleted file mode 100644 index 256c3d35f9574..0000000000000 --- a/docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html +++ /dev/null @@ -1,7156 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

March 24th 2024, 12:18:09 am (UTC+00:00)

-======== -

June 16th 2024, 12:18:59 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
-
- Scanned the following paths: -
    -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -
  • quay.io/argoproj/argocd:v2.9.9/argoproj/argocd/Dockerfile (deb)
    • -
  • quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.9.9//usr/local/bin/kustomize (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.9.9/helm/v3//usr/local/bin/helm (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.9.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • -======== -
  • quay.io/argoproj/argocd:v2.11.3/argoproj/argocd/Dockerfile (deb)
    • -
  • quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.11.3//usr/local/bin/kustomize (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.11.3/helm/v3//usr/local/bin/helm (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.11.3/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
-
- -
-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -
36 known vulnerabilities
-
179 vulnerable dependency paths
-
2189 dependencies
-======== -
31 known vulnerabilities
-
197 vulnerable dependency paths
-
2280 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
-
-
-
- -
-
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- high severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - google.golang.org/grpc -======== - golang.org/x/net/http2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2 -======== - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - google.golang.org/grpc@v1.56.2 -======== - golang.org/x/net/http2@v0.19.0 - - - -
    • -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.17.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
- -
- -
- -

Overview

-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

google.golang.org/grpc is a Go implementation of gRPC

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

-

References

-
-
-

CVE-2020-22916

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - xz-utils/liblzma5 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and xz-utils/liblzma5@5.2.5-2ubuntu1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and xz-utils/liblzma5@5.2.5-2ubuntu1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - xz-utils/liblzma5@5.2.5-2ubuntu1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 xz-utils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

CVE-2023-51767

-======== -

Resource Exhaustion

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssh/openssh-client -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssh.

-

References

-
-
-

Information Exposure

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - libgcrypt20 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and libgcrypt20@1.9.4-3ubuntu3 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and libgcrypt20@1.9.4-3ubuntu3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - systemd/libsystemd0@249.11-0ubuntu3.12 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 libgcrypt20.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

CVE-2024-26461

-======== -

CVE-2024-26462

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - git@1:2.34.1-1ubuntu1.11 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 -======== - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - git@1:2.34.1-1ubuntu1.11 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 -======== - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

-======== -

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

More about this vulnerability

-======== -

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

CVE-2024-26462

-======== -

LGPL-3.0 license

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26458

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - Module: - - gopkg.in/retry.v1 -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - gopkg.in/retry.v1@v1.0.3 - - - -
    • -
- -
- -
- -

LGPL-3.0 license

- -
- -
-

More about this vulnerability

-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/crypto/ssh@v0.16.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Information Exposure

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.9 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnutls28.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncaught Exception

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.9 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnutls28.

-

References

- - -
- -
-

More about this vulnerability

-======== ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/r3labs/diff@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-version@v1.2.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/helm/v3 › /usr/local/bin/helm -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/helm/v3 › /usr/local/bin/helm ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-multierror -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - github.com/hashicorp/go-multierror@v1.1.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/gosimple/slug@v1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -
-

Improper Handling of Highly Compressed Data (Data Amplification)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/go-jose/go-jose/v3@v3.0.1 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-======== -
-

CVE-2023-7008

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - bash -======== - systemd/libsystemd0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and bash@5.1-6ubuntu1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and systemd/libsystemd0@249.11-0ubuntu3.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - bash@5.1-6ubuntu1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - procps/libprocps8@2:3.3.17-6ubuntu2.1 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - util-linux@2.37.2-4ubuntu3.4 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - util-linux@2.37.2-4ubuntu3.4 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - systemd/libudev1@249.11-0ubuntu3.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
- -
- -
- -

NVD Description

-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

-

Remediation

-

Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

-

References

-
-
-

CVE-2023-7008

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.9 and systemd/libsystemd0@249.11-0ubuntu3.12 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - procps/libprocps8@2:3.3.17-6ubuntu2.1 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 systemd.

-

References

- - -
- -
-======== ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -

More about this vulnerability

-
- -
-
-

Arbitrary Code Injection

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - shadow/passwd -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and shadow/passwd@1:4.8.1-2ubuntu2.2 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and shadow/passwd@1:4.8.1-2ubuntu2.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - shadow/login@1:4.8.1-2ubuntu2.2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 shadow.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Recursion

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - pcre3/libpcre3 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - grep@3.7-1build1 - › - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 pcre3.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Release of Invalid Pointer or Reference

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and patch@2.7.6-7build2 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and patch@2.7.6-7build2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - patch@2.7.6-7build2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Double Free

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and patch@2.7.6-7build2 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and patch@2.7.6-7build2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - patch@2.7.6-7build2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

CVE-2023-50495

-======== -

CVE-2024-2511

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - bash@5.1-6ubuntu1 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - less@590-1ubuntu0.22.04.2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - libedit/libedit2@3.1-20210910-1build1 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - util-linux@2.37.2-4ubuntu3 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 -======== - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

-
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -

CVE-2023-45918

-======== -

CVE-2024-4603

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - bash@5.1-6ubuntu1 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - less@590-1ubuntu0.22.04.2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - libedit/libedit2@3.1-20210910-1build1 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - util-linux@2.37.2-4ubuntu3 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 -======== - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html -======== -

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4741

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.3 and openssl/libssl3@3.0.2-0ubuntu1.15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-50495

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.3 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - bash@5.1-6ubuntu1.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - less@590-1ubuntu0.22.04.3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - libedit/libedit2@3.1-20210910-1build1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - util-linux@2.37.2-4ubuntu3.4 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-45918

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.3 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - bash@5.1-6ubuntu1.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - less@590-1ubuntu0.22.04.3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - libedit/libedit2@3.1-20210910-1build1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - util-linux@2.37.2-4ubuntu3.4 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Resource Exhaustion

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - libzstd/libzstd1 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and libzstd/libzstd1@1.4.8+dfsg-3build1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and libzstd/libzstd1@1.4.8+dfsg-3build1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 libzstd.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Integer Overflow or Wraparound

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - git@1:2.34.1-1ubuntu1.11 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 -======== - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - git@1:2.34.1-1ubuntu1.11 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 -======== - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26461

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26458

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnupg2/gpgv -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and gnupg2/gpgv@2.2.27-3ubuntu2.1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnupg2.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - glibc/libc-bin -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and glibc/libc-bin@2.35-0ubuntu3.6 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and glibc/libc-bin@2.35-0ubuntu3.8 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - glibc/libc-bin@2.35-0ubuntu3.6 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - glibc/libc-bin@2.35-0ubuntu3.8 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - glibc/libc6@2.35-0ubuntu3.6 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - glibc/libc6@2.35-0ubuntu3.8 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 glibc.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - git/git-man -
    • - -
  • Introduced through: - - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9, git@1:2.34.1-1ubuntu1.10 and others -======== - docker-image|quay.io/argoproj/argocd@v2.11.3, git@1:2.34.1-1ubuntu1.11 and others ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - git@1:2.34.1-1ubuntu1.11 - › - git/git-man@1:2.34.1-1ubuntu1.11 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - git@1:2.34.1-1ubuntu1.11 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - git-lfs@3.0.2-1ubuntu0.2 - › - git@1:2.34.1-1ubuntu1.11 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

-

Remediation

-

There is no fixed version for Ubuntu:22.04 git.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Recursion

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gcc-12/libstdc++6 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - › - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gcc-12.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - coreutils -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 and coreutils@8.32-4.1ubuntu1.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 and coreutils@8.32-4.1ubuntu1.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html - docker-image|quay.io/argoproj/argocd@v2.9.9 - › - coreutils@8.32-4.1ubuntu1.1 -======== - docker-image|quay.io/argoproj/argocd@v2.11.3 - › - coreutils@8.32-4.1ubuntu1.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 coreutils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.11.3/redis_7.0.14-alpine.html b/docs/snyk/v2.11.3/redis_7.0.14-alpine.html deleted file mode 100644 index 76b8256a89710..0000000000000 --- a/docs/snyk/v2.11.3/redis_7.0.14-alpine.html +++ /dev/null @@ -1,1815 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:19:04 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • redis:7.0.14-alpine (apk)
    • -
  • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
    • -
-
- -
-
9 known vulnerabilities
-
65 vulnerable dependency paths
-
19 dependencies
-
-
-
-
- -
-
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - › - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r2 - › - busybox/busybox-binsh@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

-

Remediation

-

Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

-

Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

-

When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

-

An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

-

The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html b/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html deleted file mode 100644 index 88785b4be1777..0000000000000 --- a/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html +++ /dev/null @@ -1,6120 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

March 24th 2024, 12:22:17 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • quay.io/argoproj/argocd:v2.7.17/argoproj/argocd/Dockerfile (deb)
    • -
  • quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.7.17/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.7.17/helm/v3//usr/local/bin/helm (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.7.17/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • -
-
- -
-
46 known vulnerabilities
-
224 vulnerable dependency paths
-
2070 dependencies
-
-
-
-
- -
-
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2/hpack -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2/hpack@v0.5.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.5.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.5.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Directory Traversal

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/cyphar/filepath-securejoin -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - github.com/cyphar/filepath-securejoin@v0.2.3 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

-

Note: - This vulnerability is only exploitable on Windows OS.

-

Details

-

A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

-

Directory Traversal vulnerabilities can be generally divided into two types:

-
    -
  • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
    • -
-

st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

-

If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

- 
curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
-
-

Note %2e is the URL encoded version of . (dot).

-
    -
  • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
    • -
-

One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

-

The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

- 
2018-04-15 22:04:29 .....           19           19  good.txt
-        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
-
-

Remediation

-

Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2020-22916

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - xz-utils/liblzma5 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and xz-utils/liblzma5@5.2.5-2ubuntu1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - xz-utils/liblzma5@5.2.5-2ubuntu1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 xz-utils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-51767

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssh/openssh-client -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssh.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Information Exposure

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - libgcrypt20 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and libgcrypt20@1.9.4-3ubuntu3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 libgcrypt20.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2022-48624

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - less -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and less@590-1ubuntu0.22.04.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - less@590-1ubuntu0.22.04.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

-

Remediation

-

Upgrade Ubuntu:22.04 less to version 590-1ubuntu0.22.04.2 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26461

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26462

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26458

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.5.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

-

Note:

-

This issue is related to CVE-2023-44487

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/crypto/ssh@v0.16.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Information Exposure

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.2 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnutls28.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncaught Exception

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.2 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnutls28.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/r3labs/diff@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-version@v1.2.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-retryablehttp@v0.7.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/gosimple/slug@v1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/docker/distribution/registry/api/v2 -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper validation of the value passed to the n parameter in the /v2/_catalog endpoint. - Exploiting this vulnerability is possible by sending a crafted malicious request to the /v2/_catalog API endpoint, which results in an allocation of a massive string array and excessive use of memory.

-

Remediation

-

Upgrade github.com/docker/distribution/registry/api/v2 to version 2.8.2-beta.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Resource Exhaustion

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - expat/libexpat1 -
    • - -
  • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - expat/libexpat1@2.4.7-1ubuntu0.2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

-

Remediation

-

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-28757

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - expat/libexpat1 -
    • - -
  • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - expat/libexpat1@2.4.7-1ubuntu0.2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

-

Remediation

-

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - bash -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and bash@5.1-6ubuntu1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - bash@5.1-6ubuntu1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

-

Remediation

-

Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-7008

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and systemd/libsystemd0@249.11-0ubuntu3.12 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - procps/libprocps8@2:3.3.17-6ubuntu2.1 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 systemd.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Arbitrary Code Injection

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - shadow/passwd -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and shadow/passwd@1:4.8.1-2ubuntu2.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - shadow/login@1:4.8.1-2ubuntu2.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 shadow.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Authentication

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - shadow/passwd -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and shadow/passwd@1:4.8.1-2ubuntu2.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - shadow/login@1:4.8.1-2ubuntu2.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

-

Remediation

-

Upgrade Ubuntu:22.04 shadow to version 1:4.8.1-2ubuntu2.2 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Recursion

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - pcre3/libpcre3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - grep@3.7-1build1 - › - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 pcre3.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Release of Invalid Pointer or Reference

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and patch@2.7.6-7build2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - patch@2.7.6-7build2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Double Free

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and patch@2.7.6-7build2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - patch@2.7.6-7build2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Check for Unusual or Exceptional Conditions

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.13 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssl@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.13 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.13 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssl@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.13 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.13 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssl@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.13 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.13 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssl@3.0.2-0ubuntu1.13 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.13 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-50495

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - bash@5.1-6ubuntu1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - less@590-1ubuntu0.22.04.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libedit/libedit2@3.1-20210910-1build1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - util-linux@2.37.2-4ubuntu3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-45918

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - bash@5.1-6ubuntu1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - less@590-1ubuntu0.22.04.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libedit/libedit2@3.1-20210910-1build1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - util-linux@2.37.2-4ubuntu3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Resource Exhaustion

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - libzstd/libzstd1 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 libzstd.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Integer Overflow or Wraparound

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.1 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnupg2/gpgv -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnupg2.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - glibc/libc-bin -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and glibc/libc-bin@2.35-0ubuntu3.6 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - glibc/libc-bin@2.35-0ubuntu3.6 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - glibc/libc6@2.35-0ubuntu3.6 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 glibc.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - git/git-man -
    • - -
  • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - › - git/git-man@1:2.34.1-1ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git@1:2.34.1-1ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - git-lfs@3.0.2-1ubuntu0.2 - › - git@1:2.34.1-1ubuntu1.10 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

-

Remediation

-

There is no fixed version for Ubuntu:22.04 git.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Recursion

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gcc-12/libstdc++6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gcc-12.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - coreutils -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.17 and coreutils@8.32-4.1ubuntu1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.17 - › - coreutils@8.32-4.1ubuntu1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 coreutils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.7.17/redis_7.0.14-alpine.html b/docs/snyk/v2.7.17/redis_7.0.14-alpine.html deleted file mode 100644 index ea9cd5f9152fd..0000000000000 --- a/docs/snyk/v2.7.17/redis_7.0.14-alpine.html +++ /dev/null @@ -1,993 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

March 24th 2024, 12:22:21 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • redis:7.0.14-alpine (apk)
    • -
  • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
    • -
-
- -
-
3 known vulnerabilities
-
27 vulnerable dependency paths
-
19 dependencies
-
-
-
-
- -
-
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.19 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - › - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - .redis-rundeps@20231208.201137 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - apk-tools/apk-tools@2.14.0-r5 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.14-alpine - › - busybox/ssl_client@1.36.1-r15 - › - openssl/libssl3@3.1.4-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

- -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.9.17/argocd-iac-install.html b/docs/snyk/v2.9.17/argocd-iac-install.html deleted file mode 100644 index 7c7157d625886..0000000000000 --- a/docs/snyk/v2.9.17/argocd-iac-install.html +++ /dev/null @@ -1,2845 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:24:44 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/install.yaml (Kubernetes)
    • -
-
- -
-
43 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/install.yaml
Path /argo-cd/manifests/install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20310 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 20395 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20423 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 20453 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 20471 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 14] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20489 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 15] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20511 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 46] - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - imagePullPolicy - -
    • - -
  • - Line number: 21439 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 47] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 21696 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 43] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21012 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21257 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21223 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21317 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21410 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21434 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21696 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21491 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21781 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22108 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 44] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 21237 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 43] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 21012 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 44] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 21223 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 46] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 21410 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 43] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21012 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21223 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21257 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21317 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21410 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21434 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21696 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21491 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21781 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22108 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 43] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21147 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21265 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21240 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21344 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21427 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21441 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21703 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21669 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 48] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22018 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 49] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22267 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/v2.9.17/argocd-iac-namespace-install.html b/docs/snyk/v2.9.17/argocd-iac-namespace-install.html deleted file mode 100644 index e07f677ceb5da..0000000000000 --- a/docs/snyk/v2.9.17/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2845 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:24:52 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
    • -
-
- -
-
43 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/namespace-install.yaml
Path /argo-cd/manifests/namespace-install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 7] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 77 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 8] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 162 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 9] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 190 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 220 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 238 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 256 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 278 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 39] - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - imagePullPolicy - -
    • - -
  • - Line number: 1100 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 40] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 1357 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 918 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 884 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 978 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1071 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1095 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1357 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1152 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1442 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1769 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 898 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 36] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 884 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 39] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 1071 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 673 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 884 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 918 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 978 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1071 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1095 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1357 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1152 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1442 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1769 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 808 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 926 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 901 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1005 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1088 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - initContainers[secret-init] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1102 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1364 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1330 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1679 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1928 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/v2.9.17/argocd-test.html b/docs/snyk/v2.9.17/argocd-test.html deleted file mode 100644 index 50df0286d0894..0000000000000 --- a/docs/snyk/v2.9.17/argocd-test.html +++ /dev/null @@ -1,6056 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -

March 24th 2024, 12:17:43 am (UTC+00:00)

-======== -

June 16th 2024, 12:22:56 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
-
- Scanned the following paths: -
    -
  • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
    • -
  • /argo-cd/ui/yarn.lock (yarn)
    • -
-
- -
-<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -
12 known vulnerabilities
-
133 vulnerable dependency paths
-
1917 dependencies
-======== -
11 known vulnerabilities
-
176 vulnerable dependency paths
-
1919 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
-
-
-
- -
-
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/grpc -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and google.golang.org/grpc@1.56.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.56.2 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.56.2 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig@1.16.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.56.2 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.56.2 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - - - -
    • -
- -
- -
- -

Overview

-

google.golang.org/grpc is a Go implementation of gRPC

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -======== -
-

Allocation of Resources Without Limits or Throttling

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.17 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/soheilhy/cmux@0.1.5 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/testing@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/record@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/clientcmd@0.24.17 - › - k8s.io/client-go/tools/auth@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery/fake@0.24.17 - › - k8s.io/client-go/testing@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/fake@0.24.17 - › - k8s.io/client-go/testing@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/apps/v1@0.24.17 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers@0.24.17 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/listers/core/v1@0.24.17 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.24.17 - › - k8s.io/client-go/transport/spdy@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/api/rbac/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/errors@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/equality@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/testing@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.56.2 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.56.2 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - › - k8s.io/client-go/listers/core/v1@0.24.17 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - › - k8s.io/client-go/tools/clientcmd@0.24.17 - › - k8s.io/client-go/tools/auth@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/core/v1@0.24.17 - › - k8s.io/client-go/listers/core/v1@0.24.17 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.24.17 - › - k8s.io/client-go/tools/remotecommand@0.24.17 - › - k8s.io/client-go/transport/spdy@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/managedfields@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/testing@#b0fffe419a0f - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/listers/core/v1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/resource@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/util/retry@0.24.17 - › - k8s.io/apimachinery/pkg/api/errors@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/tools/pager@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/portforward@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.17 - › - k8s.io/apimachinery/pkg/api/equality@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/validation@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery/fake@0.24.17 - › - k8s.io/client-go/testing@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/fake@0.24.17 - › - k8s.io/client-go/testing@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.24.17 - › - k8s.io/client-go/transport/spdy@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - › - k8s.io/client-go/restmapper@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 - › - k8s.io/client-go/tools/clientcmd@0.24.17 - › - k8s.io/client-go/tools/auth@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#b0fffe419a0f - › - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/scheme@0.24.17 - › - k8s.io/api/storage/v1beta1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/core/v1@0.24.17 - › - k8s.io/client-go/listers/core/v1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/record@0.24.17 - › - k8s.io/client-go/tools/reference@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/tools/pager@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/apps/v1@0.24.17 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/tools/pager@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers@0.24.17 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/tools/pager@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - › - k8s.io/client-go/listers/core/v1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.24.17 - › - k8s.io/client-go/tools/remotecommand@0.24.17 - › - k8s.io/client-go/transport/spdy@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - k8s.io/client-go/transport@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes@0.24.17 - › - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - › - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.17 - › - k8s.io/client-go/applyconfigurations/meta/v1@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/clientcmd@0.24.17 - › - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/kubernetes/scheme@0.24.17 - › - k8s.io/api/storage/v1beta1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/tools/pager@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - › - k8s.io/client-go/tools/clientcmd@0.24.17 - › - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/kubernetes/scheme@0.24.17 - › - k8s.io/api/storage/v1beta1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes@0.24.17 - › - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - › - k8s.io/client-go/kubernetes/scheme@0.24.17 - › - k8s.io/api/storage/v1beta1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#b0fffe419a0f - › - k8s.io/kubernetes/pkg/apis/storage/install@1.24.17 - › - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.24.17 - › - k8s.io/api/storage/v1alpha1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/client-go/rest@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/kubernetes/scheme@0.24.17 - › - k8s.io/api/storage/v1beta1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/kubernetes/scheme@0.24.17 - › - k8s.io/api/storage/v1beta1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - › - k8s.io/kubectl/pkg/util/openapi@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/kubernetes/scheme@0.24.17 - › - k8s.io/api/storage/v1beta1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - › - k8s.io/client-go/tools/cache@0.24.17 - › - k8s.io/client-go/tools/pager@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - › - k8s.io/client-go/restmapper@0.24.17 - › - k8s.io/client-go/discovery@0.24.17 - › - k8s.io/client-go/kubernetes/scheme@0.24.17 - › - k8s.io/api/storage/v1beta1@0.24.17 - › - k8s.io/api/core/v1@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - › - k8s.io/client-go/dynamic@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - › - k8s.io/apimachinery/pkg/watch@0.24.17 - › - k8s.io/apimachinery/pkg/util/net@0.24.17 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - gopkg.in/retry.v1 -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - gopkg.in/retry.v1@1.0.3 - - - -
    • -
- -
- -
- -

LGPL-3.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -

Infinite loop

-======== -

Regular Expression Denial of Service (ReDoS)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - google.golang.org/protobuf/internal/encoding/json -======== - github.com/whilp/git-urls ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -======== - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - github.com/whilp/git-urls@1.0.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/whilp/git-urls@1.0.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/whilp/git-urls@1.0.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/whilp/git-urls@1.0.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/whilp/git-urls@1.0.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.56.2 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.56.2 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - › - google.golang.org/protobuf/internal/encoding/json@1.31.0 -======== - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/whilp/git-urls@1.0.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html - - - -
    • -
- -
- -
- -

Overview

-<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - › - google.golang.org/protobuf/types/known/structpb@1.31.0 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.56.2 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.56.2 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.56.2 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.56.2 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - › - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - › - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - › - google.golang.org/protobuf/types/known/structpb@1.31.0 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.56.2 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.56.2 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.56.2 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.56.2 - › - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.56.2 - › - google.golang.org/grpc/internal/transport@1.56.2 - › - google.golang.org/grpc/internal/pretty@1.56.2 - › - github.com/golang/protobuf/jsonpb@1.4.2 - › - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.1 - › - golang.org/x/crypto/ssh/knownhosts@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.16.0 - › - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

-
    -
  • Attack Information
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Issue
    • -
  • GitHub Issue
    • -
  • Go Forum
    • -
  • Google Groups Forum
    • -
  • Security Release
    • -======== -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -

    More about this vulnerability

    -======== -

    More about this vulnerability

    ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
    - -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/r3labs/diff@1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.15.1 - › - github.com/hashicorp/go-version@1.2.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - › - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.4 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/gosimple/slug@1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -

Improper Handling of Highly Compressed Data (Data Amplification)

-======== -

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - github.com/go-jose/go-jose/v3 -======== - github.com/Azure/azure-sdk-for-go/sdk/azidentity ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - -======== - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html - github.com/go-jose/go-jose/v3@3.0.1 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/coreos/go-oidc/v3/oidc@3.6.0 - › - github.com/go-jose/go-jose/v3@3.0.1 -======== - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html - - - -
    • -
- -
- -
- -

Overview

-<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

-
    -
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
    • -======== -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -<<<<<<<< HEAD:docs/snyk/v2.9.9/argocd-test.html -

    More about this vulnerability

    -======== -

    More about this vulnerability

    -
    - -
-
-

Template Injection

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: /argo-cd › ui/yarn.lock -
    • -
  • - Package Manager: npm -
    • -
  • - Vulnerable module: - - dompurify -
    • - -
  • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - argo-cd-ui@1.0.0 - › - redoc@2.0.0-rc.64 - › - dompurify@2.3.6 - - - -
    • -
- -
- -
- -

Overview

-

dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

-

Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

-

PoC

- 
<![CDATA[ ><img src onerror=alert(1)> ]]>
-
-

Remediation

-

Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

-

References

- - -
- -
-

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/argocd-test.html -
- -
-
-
-
- - - diff --git a/docs/snyk/v2.9.17/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.9.17/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index 39dd138e3930d..0000000000000 --- a/docs/snyk/v2.9.17/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,5205 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:23:03 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
    • -
  • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/dex (gomodules)
    • -
-
- -
-
49 known vulnerabilities
-
157 vulnerable dependency paths
-
786 dependencies
-
-
-
-
- -
-
-
-

Path Traversal

-
- -
- critical severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

-

Notes:

-
    -

  1. This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.

    -
    2. -

  2. Applications using BoundOS or in-memory filesystems are not affected by this issue.

    -
    3. -

  3. Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

    -
    4. -
-

Workaround

-

This vulnerability can be mitigated by limiting the client's use to trustworthy Git servers.

-

Remediation

-

Upgrade github.com/go-git/go-git/v5 to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- critical severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-5363

-
- -
- high severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

-

Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

-

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

-

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

-

Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

-

Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

-

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/grpc -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/grpc@v1.46.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/grpc@v1.46.2 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/grpc@v1.56.1 - - - -
    • -
- -
- -
- -

Overview

-

google.golang.org/grpc is a Go implementation of gRPC

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Heap-based Buffer Overflow

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/mattn/go-sqlite3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/mattn/go-sqlite3@v1.14.17 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/mattn/go-sqlite3@v1.14.17 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the sessionReadRecord function in the ext/session/sqlite3session.c file. An attacker can cause a program crash or execute arbitrary code by manipulating the input to trigger a heap-based buffer overflow.

-

Remediation

-

Upgrade github.com/mattn/go-sqlite3 to version 1.14.18 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Authentication

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

-

Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

-

The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

-

As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Inefficient Regular Expression Complexity

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

-

The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

-

However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

-

An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

-

The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

-

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Excessive Iteration

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

-

The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

-

An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

-

The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

-

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/internal/encoding/json@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/net/http2@v0.7.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/http2@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

-

Note:

-

This issue is related to CVE-2023-44487

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Cross-site Scripting (XSS)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/html -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - golang.org/x/net/html@v0.11.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

-

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

-

Details

-

A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

-

This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

-

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

-

Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

-

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

-

Types of attacks

-

There are a few methods by which XSS can be manipulated:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TypeOriginDescription
StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
-

Affected environments

-

The following environments are susceptible to an XSS attack:

-
    -
  • Web servers
    • -
  • Application servers
    • -
  • Web application environments
    • -
-

How to prevent

-

This section describes the top best practices designed to specifically protect your code:

-
    -
  • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
    • -
  • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
    • -
  • Give users the option to disable client-side scripts.
    • -
  • Redirect invalid requests.
    • -
  • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
    • -
  • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
    • -
  • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
    • -
-

Remediation

-

Upgrade golang.org/x/net/html to version 0.13.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/consts@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/physical@v0.5.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/sdk/physical/inmem@v0.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/vault/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/vault/api@v1.6.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/serf/coordinate -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl/v2 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
    • -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/hcl -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/parser@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/strconv@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/hcl/json/parser@v1.0.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/golang-lru/simplelru -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-version@v1.5.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-sockaddr -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-rootcerts -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-plugin -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin@v1.4.4 - - - -
    • -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-immutable-radix -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/errwrap -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/errwrap@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/consul/api -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/hashicorp/consul/api@v1.13.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/gosimple/slug@v1.12.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/go-sql-driver/mysql -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-sql-driver/mysql@v1.7.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Improper Handling of Highly Compressed Data (Data Amplification)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex › /usr/local/bin/dex -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/dexidp/dex@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Resource Consumption ('Resource Exhaustion')

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
    • - -
  • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5/plumbing@v5.4.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - › - github.com/go-git/go-git/v5/plumbing@v5.4.2 - - - -
    • -
- -
- -
- -

Overview

-

github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

-

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

-

Note - This is only exploitable if the client is not using the in-memory filesystem supported by the library.

-

Workaround

-

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-git/go-git/v5/plumbing to version 5.11.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

-

Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

-

When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

-

An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

-

The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.9.17/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.17/haproxy_2.6.14-alpine.html deleted file mode 100644 index 052909ea91cb3..0000000000000 --- a/docs/snyk/v2.9.17/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,2199 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:23:06 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • haproxy:2.6.14-alpine (apk)
    • -
-
- -
-
11 known vulnerabilities
-
83 vulnerable dependency paths
-
18 dependencies
-
-
-
-
-
- - - - - - - -
Project docker-image|haproxy
Path haproxy:2.6.14-alpine
Package Manager apk
-
-
-
-
-

CVE-2023-5363

-
- -
- high severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

-

Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

-

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

-

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

-

Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

-

Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

-

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - › - busybox/busybox@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r2 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

-

Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

-

When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

-

An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

-

The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-2511

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

-

Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

-

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

-

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4603

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - › - openssl/libcrypto3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - .haproxy-rundeps@20230809.001942 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
  • - Introduced through: - docker-image|haproxy@2.6.14-alpine - › - busybox/ssl_client@1.36.1-r2 - › - openssl/libssl3@3.1.2-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html b/docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html deleted file mode 100644 index eaf904c2a760a..0000000000000 --- a/docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html +++ /dev/null @@ -1,7495 +0,0 @@ - - - - - - - - - Snyk test report -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - -======== - ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

March 24th 2024, 12:20:18 am (UTC+00:00)

-======== -

June 16th 2024, 12:23:24 am (UTC+00:00)

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
-
- Scanned the following paths: -
    -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -
  • quay.io/argoproj/argocd:v2.8.13/argoproj/argocd/Dockerfile (deb)
    • -
  • quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.8.13/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.8.13/helm/v3//usr/local/bin/helm (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.8.13/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • -======== -
  • quay.io/argoproj/argocd:v2.9.17/argoproj/argocd/Dockerfile (deb)
    • -
  • quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.9.17//usr/local/bin/kustomize (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.9.17/helm/v3//usr/local/bin/helm (gomodules)
    • -
  • quay.io/argoproj/argocd:v2.9.17/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
-
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -
39 known vulnerabilities
-
182 vulnerable dependency paths
-
2120 dependencies
-======== -
32 known vulnerabilities
-
198 vulnerable dependency paths
-
2190 dependencies
->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
-
-
-
- -
-
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 › /usr/local/bin/helm -
    • -
  • -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/grpc -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/grpc@v1.56.2 - - - -
    • -
- -
- -
- -

Overview

-

google.golang.org/grpc is a Go implementation of gRPC

-

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-

Remediation

-

Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 -======== - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.8.0 -======== - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/net/http2@v0.19.0 - - - -
    • -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.17.0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

-======== -

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

-

References

- - -
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

More about this vulnerability

-
- -
-
-

Denial of Service (DoS)

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

-

Details

-

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

-

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

-

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

-

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

-

Two common types of DoS vulnerabilities:

-
    -

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

    -
    • -

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

    -
    • -
-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Directory Traversal

-
- -
- high severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/cyphar/filepath-securejoin -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - github.com/cyphar/filepath-securejoin@v0.2.3 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

-

Note: - This vulnerability is only exploitable on Windows OS.

-

Details

-

A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

-

Directory Traversal vulnerabilities can be generally divided into two types:

-
    -
  • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
    • -
-

st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

-

If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

- 
curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
-
-

Note %2e is the URL encoded version of . (dot).

-
    -
  • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
    • -
-

One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

-

The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

- 
2018-04-15 22:04:29 .....           19           19  good.txt
-        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
-
-

Remediation

-

Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

-

References

- - -
- -
-

More about this vulnerability

-======== -

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
-
-

CVE-2020-22916

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - xz-utils/liblzma5 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and xz-utils/liblzma5@5.2.5-2ubuntu1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and xz-utils/liblzma5@5.2.5-2ubuntu1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - xz-utils/liblzma5@5.2.5-2ubuntu1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 xz-utils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

CVE-2023-51767

-======== -

Resource Exhaustion

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssh/openssh-client -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssh.

-

References

-
-
-

Information Exposure

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - libgcrypt20 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and libgcrypt20@1.9.4-3ubuntu3 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and libgcrypt20@1.9.4-3ubuntu3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - systemd/libsystemd0@249.11-0ubuntu3.12 - › - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 libgcrypt20.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

CVE-2024-26461

-======== -

CVE-2024-26462

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - git@1:2.34.1-1ubuntu1.11 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 -======== - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - git@1:2.34.1-1ubuntu1.11 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 -======== - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

-======== -

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

More about this vulnerability

-======== -

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

CVE-2024-26462

-======== -

LGPL-3.0 license

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - krb5/libk5crypto3 -======== - gopkg.in/retry.v1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 -======== - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 -======== - github.com/argoproj/argo-cd/v2@* - › - gopkg.in/retry.v1@v1.0.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
- -
- -
- -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- -======== -

LGPL-3.0 license

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

More about this vulnerability

-
- -
-
-

CVE-2024-26458

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

LGPL-3.0 license

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - gopkg.in/retry.v1 -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - gopkg.in/retry.v1@v1.0.3 - - - -
    • -
- -
- -
- -

LGPL-3.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Stack-based Buffer Overflow

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Infinite loop

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

-

Note:

-

This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

-

Remediation

-

Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 › /usr/local/bin/helm -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/http2@v0.8.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

-

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

-

Note:

-

This issue is related to CVE-2023-44487

-

Remediation

-

Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Authentication Bypass by Capture-replay

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/crypto/ssh@v0.16.0 - - - -
    • -
- -
- -
- -

Overview

-

golang.org/x/crypto/ssh is a SSH client and server

-

Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

-

Note:

-
    -

  1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

    -
    2. -

  2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

    -
    3. -
-

Impact:

-

While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

-

Workaround

-

Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

-

Remediation

-

Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Information Exposure

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.13 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnutls28.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncaught Exception

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.13 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - git@1:2.34.1-1ubuntu1.10 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - › - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - › - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnutls28.

-

References

- - -
- -
-

More about this vulnerability

-======== -

More about this vulnerability

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/r3labs/diff -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/r3labs/diff@v1.1.0 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-version -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-version@v1.2.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-retryablehttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 › /usr/local/bin/helm -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/helm/v3 › /usr/local/bin/helm ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-multierror -
    • - -
  • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - helm.sh/helm/v3@* - › - github.com/hashicorp/go-multierror@v1.1.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/hashicorp/go-cleanhttp -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-
-

MPL-2.0 license

-
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 › /usr/local/bin/argocd ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: golang -
    • -
  • - Module: - - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/gosimple/slug@v1.13.1 - - - -
    • -
- -
- -
- -

MPL-2.0 license

- -
- -
-

More about this vulnerability

-
- -
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -
-

Improper Handling of Highly Compressed Data (Data Amplification)

-
- -
- medium severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
    • -
  • - Package Manager: golang -
    • -
  • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
- -
- -
- -

Overview

-

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

-

Remediation

-

Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-======== -
-

CVE-2023-7008

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
- medium severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - bash -======== - systemd/libsystemd0 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and bash@5.1-6ubuntu1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and systemd/libsystemd0@249.11-0ubuntu3.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - bash@5.1-6ubuntu1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - procps/libprocps8@2:3.3.17-6ubuntu2.1 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - util-linux@2.37.2-4ubuntu3.4 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - util-linux@2.37.2-4ubuntu3.4 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 - › - systemd/libudev1@249.11-0ubuntu3.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
- -
- -
- -

NVD Description

-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

-

Remediation

-

Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

-

References

-
-
-

CVE-2023-7008

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - systemd/libsystemd0 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.13 and systemd/libsystemd0@249.11-0ubuntu3.12 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - procps/libprocps8@2:3.3.17-6ubuntu2.1 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - util-linux/bsdutils@1:2.37.2-4ubuntu3 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - libfido2/libfido2-1@1.10.0-1 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - util-linux@2.37.2-4ubuntu3 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 - › - systemd/libudev1@249.11-0ubuntu3.12 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 systemd.

-

References

- - -
- -
-======== ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -

More about this vulnerability

-
- -
-
-

Arbitrary Code Injection

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - shadow/passwd -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and shadow/passwd@1:4.8.1-2ubuntu2.2 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and shadow/passwd@1:4.8.1-2ubuntu2.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - shadow/login@1:4.8.1-2ubuntu2.2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 shadow.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Recursion

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - pcre3/libpcre3 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - grep@3.7-1build1 - › - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 pcre3.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Release of Invalid Pointer or Reference

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and patch@2.7.6-7build2 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and patch@2.7.6-7build2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - patch@2.7.6-7build2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Double Free

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - patch -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and patch@2.7.6-7build2 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and patch@2.7.6-7build2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - patch@2.7.6-7build2 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 patch.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

CVE-2023-50495

-======== -

CVE-2024-2511

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - bash@5.1-6ubuntu1 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - less@590-1ubuntu0.22.04.2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - libedit/libedit2@3.1-20210910-1build1 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - util-linux@2.37.2-4ubuntu3 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 -======== - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

-
-
-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -

CVE-2023-45918

-======== -

CVE-2024-4603

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - bash@5.1-6ubuntu1 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - less@590-1ubuntu0.22.04.2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - libedit/libedit2@3.1-20210910-1build1 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - util-linux@2.37.2-4ubuntu3 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 -======== - openssl@3.0.2-0ubuntu1.15 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html -======== -

Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

-

Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

-

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

-

Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

-

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

-

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4741

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - openssl/libssl3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.17 and openssl/libssl3@3.0.2-0ubuntu1.15 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - libfido2/libfido2-1@1.10.0-1 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ca-certificates@20230311ubuntu0.22.04.1 - › - openssl@3.0.2-0ubuntu1.15 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 openssl.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-50495

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.17 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - bash@5.1-6ubuntu1.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - less@590-1ubuntu0.22.04.3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - libedit/libedit2@3.1-20210910-1build1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - util-linux@2.37.2-4ubuntu3.4 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-45918

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - ncurses/libtinfo6 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.17 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - bash@5.1-6ubuntu1.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - less@590-1ubuntu0.22.04.3 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - libedit/libedit2@3.1-20210910-1build1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - util-linux@2.37.2-4ubuntu3.4 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - › - readline/libreadline8@8.1.2-1 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - pinentry/pinentry-curses@1.1.1-1build2 - › - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - procps@2:3.3.17-6ubuntu2.1 - › - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 ncurses.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Resource Exhaustion

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - libzstd/libzstd1 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and libzstd/libzstd1@1.4.8+dfsg-3build1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and libzstd/libzstd1@1.4.8+dfsg-3build1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 libzstd.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Integer Overflow or Wraparound

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.6 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - git@1:2.34.1-1ubuntu1.11 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 -======== - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - git@1:2.34.1-1ubuntu1.11 - › -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 -======== - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26461

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-26458

-
- -
- low severity -
- -
- -
    -
  • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - krb5/libk5crypto3 -
    • - -
  • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - › - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - › - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - › - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - adduser@3.118ubuntu5 - › - shadow/passwd@1:4.8.1-2ubuntu2.2 - › - pam/libpam-modules@1.4.0-11ubuntu2.4 - › - libnsl/libnsl2@1.3.0-2build2 - › - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - › - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 krb5.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gnupg2/gpgv -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and gnupg2/gpgv@2.2.27-3ubuntu2.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - › - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - › - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gnupg2.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Allocation of Resources Without Limits or Throttling

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - glibc/libc-bin -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and glibc/libc-bin@2.35-0ubuntu3.6 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and glibc/libc-bin@2.35-0ubuntu3.8 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - glibc/libc-bin@2.35-0ubuntu3.6 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - glibc/libc-bin@2.35-0ubuntu3.8 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - glibc/libc6@2.35-0ubuntu3.6 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - glibc/libc6@2.35-0ubuntu3.8 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 glibc.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - git/git-man -
    • - -
  • Introduced through: - - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13, git@1:2.34.1-1ubuntu1.10 and others -======== - docker-image|quay.io/argoproj/argocd@v2.9.17, git@1:2.34.1-1ubuntu1.11 and others ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - git@1:2.34.1-1ubuntu1.11 - › - git/git-man@1:2.34.1-1ubuntu1.11 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - git@1:2.34.1-1ubuntu1.11 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - git-lfs@3.0.2-1ubuntu0.2 - › - git@1:2.34.1-1ubuntu1.11 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

-

Remediation

-

There is no fixed version for Ubuntu:22.04 git.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Uncontrolled Recursion

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - gcc-12/libstdc++6 -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - apt@2.4.11 - › - apt/libapt-pkg6.0@2.4.11 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - apt@2.4.12 - › - apt/libapt-pkg6.0@2.4.12 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
    • -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - › - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 gcc-12.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Input Validation

-
- -
- low severity -
- -
- -
    -
  • -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd › Dockerfile -======== - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd › Dockerfile ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html -
    • -
  • - Package Manager: ubuntu:22.04 -
    • -
  • - Vulnerable module: - - coreutils -
    • - -
  • Introduced through: - -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 and coreutils@8.32-4.1ubuntu1.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 and coreutils@8.32-4.1ubuntu1.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: -<<<<<<<< HEAD:docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html - docker-image|quay.io/argoproj/argocd@v2.8.13 - › - coreutils@8.32-4.1ubuntu1.1 -======== - docker-image|quay.io/argoproj/argocd@v2.9.17 - › - coreutils@8.32-4.1ubuntu1.2 ->>>>>>>> refs/heads/2.12-upstream:docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

-

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

-

Remediation

-

There is no fixed version for Ubuntu:22.04 coreutils.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.9.17/redis_7.0.15-alpine.html b/docs/snyk/v2.9.17/redis_7.0.15-alpine.html deleted file mode 100644 index 09de90da5f9fc..0000000000000 --- a/docs/snyk/v2.9.17/redis_7.0.15-alpine.html +++ /dev/null @@ -1,849 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

June 16th 2024, 12:23:28 am (UTC+00:00)

-
-
- Scanned the following paths: -
    -
  • redis:7.0.15-alpine (apk)
    • -
  • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
    • -
-
- -
-
3 known vulnerabilities
-
19 vulnerable dependency paths
-
18 dependencies
-
-
-
-
- -
-
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and busybox/busybox@1.36.1-r28 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

-

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

-

Remediation

-

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Use After Free

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and busybox/busybox@1.36.1-r28 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - › - busybox/busybox@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - alpine-baselayout/alpine-baselayout@3.6.5-r0 - › - busybox/busybox-binsh@1.36.1-r28 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

-

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

-

Remediation

-

Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-4741

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.20 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.0-r2 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - apk-tools/apk-tools@2.14.4-r0 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libssl3@3.3.0-r2 - › - openssl/libcrypto3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - .redis-rundeps@20240524.005525 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - apk-tools/apk-tools@2.14.4-r0 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.15-alpine - › - busybox/ssl_client@1.36.1-r28 - › - openssl/libssl3@3.3.0-r2 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

- -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/snyk/v2.9.9/argocd-iac-install.html b/docs/snyk/v2.9.9/argocd-iac-install.html deleted file mode 100644 index e25fc886459cb..0000000000000 --- a/docs/snyk/v2.9.9/argocd-iac-install.html +++ /dev/null @@ -1,2575 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

March 24th 2024, 12:19:27 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/install.yaml (Kubernetes)
    • -
-
- -
-
38 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/install.yaml
Path /argo-cd/manifests/install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20316 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 20401 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 12] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20429 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 20459 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 13] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 20477 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 14] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 20493 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 45] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 21633 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 20978 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21223 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21189 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 43] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21283 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21376 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21633 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21433 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 21718 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 22040 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 42] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 21203 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 41] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 20978 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 42] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 21189 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 44] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 21376 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 20978 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21189 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21223 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 43] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21283 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21376 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21633 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21433 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 21718 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 22040 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 41] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21113 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21231 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 42] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21206 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 43] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21310 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 44] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21386 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21640 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 45] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21606 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 46] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 21950 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 47] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 22188 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/v2.9.9/argocd-iac-namespace-install.html b/docs/snyk/v2.9.9/argocd-iac-namespace-install.html deleted file mode 100644 index 5fd494538c87c..0000000000000 --- a/docs/snyk/v2.9.9/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2575 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

March 24th 2024, 12:19:35 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
    • -
-
- -
-
38 total issues
-
-
-
-
- -
- - - - - - -
Project manifests/namespace-install.yaml
Path /argo-cd/manifests/namespace-install.yaml
Project Type Kubernetes
-
-
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 7] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 77 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 8] - › - rules[4] - › - resources - -
    • - -
  • - Line number: 162 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 9] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 190 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[1] - › - resources - -
    • - -
  • - Line number: 220 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 10] - › - rules[3] - › - resources - -
    • - -
  • - Line number: 238 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Role or ClusterRole with dangerous permissions

-
- -
- medium severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-47 -
    • - -
  • Introduced through: - [DocId: 11] - › - rules[0] - › - resources - -
    • - -
  • - Line number: 254 -
    • -
- -
- -

Impact

-

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

- -

Remediation

-

Consider removing these permissions

- - -
-
- -
-

More about this issue

-
- -
-
-

Container could be running with outdated image

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-42 -
    • - -
  • Introduced through: - [DocId: 38] - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - imagePullPolicy - -
    • - -
  • - Line number: 1288 -
    • -
- -
- -

Impact

-

The container may run with outdated or unauthorized image

- -

Remediation

-

Set `imagePullPolicy` attribute to `Always`

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 34] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 633 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 35] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 878 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 35] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 844 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 938 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1031 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1288 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1088 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1373 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container has no CPU limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-5 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - cpu - -
    • - -
  • - Line number: 1695 -
    • -
- -
- -

Impact

-

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

- -

Remediation

-

Add `resources.limits.cpu` field with required CPU limit value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running with multiple open ports

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-36 -
    • - -
  • Introduced through: - [DocId: 35] - › - spec - › - template - › - spec - › - containers[dex] - › - ports - -
    • - -
  • - Line number: 858 -
    • -
- -
- -

Impact

-

Increases the attack surface of the application and the container.

- -

Remediation

-

Reduce `ports` count to 2

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 34] - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - livenessProbe - -
    • - -
  • - Line number: 633 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 35] - › - spec - › - template - › - spec - › - containers[dex] - › - livenessProbe - -
    • - -
  • - Line number: 844 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without liveness probe

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-41 -
    • - -
  • Introduced through: - [DocId: 37] - › - spec - › - template - › - spec - › - containers[redis] - › - livenessProbe - -
    • - -
  • - Line number: 1031 -
    • -
- -
- -

Impact

-

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

- -

Remediation

-

Add `livenessProbe` attribute

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 34] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 633 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 35] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 844 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 35] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 878 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 938 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1031 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1288 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1088 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1373 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container is running without memory limit

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-4 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - resources - › - limits - › - memory - -
    • - -
  • - Line number: 1695 -
    • -
- -
- -

Impact

-

Containers without memory limits are more likely to be terminated when the node runs out of memory

- -

Remediation

-

Set `resources.limits.memory` value

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 34] - › - input - › - spec - › - template - › - spec - › - containers[argocd-applicationset-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 768 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 35] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 886 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 35] - › - input - › - spec - › - template - › - spec - › - containers[dex] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 861 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 36] - › - input - › - spec - › - template - › - spec - › - containers[argocd-notifications-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 965 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 37] - › - input - › - spec - › - template - › - spec - › - containers[redis] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1041 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - initContainers[copyutil] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1295 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 38] - › - input - › - spec - › - template - › - spec - › - containers[argocd-repo-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1261 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 39] - › - input - › - spec - › - template - › - spec - › - containers[argocd-server] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1605 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-

Container's or Pod's UID could clash with host's UID

-
- -
- low severity -
- -
- -
    -
  • - Public ID: SNYK-CC-K8S-11 -
    • - -
  • Introduced through: - [DocId: 40] - › - input - › - spec - › - template - › - spec - › - containers[argocd-application-controller] - › - securityContext - › - runAsUser - -
    • - -
  • - Line number: 1843 -
    • -
- -
- -

Impact

-

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

- -

Remediation

-

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

- - -
-
- -
-

More about this issue

-
- -
-
-
- -
- - - diff --git a/docs/snyk/v2.9.9/redis_7.0.11-alpine.html b/docs/snyk/v2.9.9/redis_7.0.11-alpine.html deleted file mode 100644 index 55538b9b23982..0000000000000 --- a/docs/snyk/v2.9.9/redis_7.0.11-alpine.html +++ /dev/null @@ -1,2032 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
-
-
-
- - - Snyk - Open Source Security - - - - - - - -
-

Snyk test report

- -

March 24th 2024, 12:18:14 am (UTC+00:00)

-
-
- Scanned the following path: -
    -
  • redis:7.0.11-alpine (apk)
    • -
-
- -
-
9 known vulnerabilities
-
77 vulnerable dependency paths
-
18 dependencies
-
-
-
-
-
- - - - - - - -
Project docker-image|redis
Path redis:7.0.11-alpine
Package Manager apk
-
-
-
-
-

Out-of-bounds Write

-
- -
- critical severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - busybox/busybox -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - › - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - alpine-baselayout/alpine-baselayout@3.4.3-r1 - › - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

-

Remediation

-

Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-5363

-
- -
- high severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

-

Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

-

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

-

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

-

Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

-

Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

-

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Authentication

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

-

Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

-

The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

-

As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Inefficient Regular Expression Complexity

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

-

The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

-

However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

-

An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

-

The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

-

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Excessive Iteration

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Checking excessively long DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

-

The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

-

An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

-

The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

-

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Improper Check for Unusual or Exceptional Conditions

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

-

Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

-

While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

-

Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

-

An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

-

DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

-

Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

-

The OpenSSL SSL/TLS implementation is not affected by this issue.

-

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

Out-of-bounds Write

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

-

Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

-

The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

-

The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

-

The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2024-0727

-
- -
- medium severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

-

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

-

Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

-

A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

-

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

-

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

-

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

-

References

- - -
- -
-

More about this vulnerability

-
- -
-
-

CVE-2023-6237

-
- -
- low severity -
- -
- -
    -
  • - Package Manager: alpine:3.18 -
    • -
  • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
  • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
- -
- - -

Detailed paths

- -
    -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - › - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - .redis-rundeps@20230614.215749 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - apk-tools/apk-tools@2.14.0-r2 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
  • - Introduced through: - docker-image|redis@7.0.11-alpine - › - busybox/ssl_client@1.36.1-r0 - › - openssl/libssl3@3.1.1-r1 - - - -
    • -
- -
- -
- -

NVD Description

-

This vulnerability has not been analyzed by NVD yet.

-

Remediation

-

Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

- -
- -
-

More about this vulnerability

-
- -
-
-
-
- - - diff --git a/docs/user-guide/annotations-and-labels.md b/docs/user-guide/annotations-and-labels.md index 032824c8708f3..2b4e9968dcfb4 100644 --- a/docs/user-guide/annotations-and-labels.md +++ b/docs/user-guide/annotations-and-labels.md @@ -14,6 +14,7 @@ | argocd.argoproj.io/sync-options | any | [see sync options docs](sync-options.md) | Provides a variety of settings to determine how an Application's resources are synced. | | argocd.argoproj.io/sync-wave | any | [see sync waves docs](sync-waves.md) | | | argocd.argoproj.io/tracking-id | any | any | Used by Argo CD to track resources it manages. See [resource tracking docs](resource_tracking.md) for details. | +| argocd.argoproj.io/ignore-resource-updates | any | `"true"`, `false` | Used by Argo CD to ignore resource updates. See [reconcile docs](..%2Foperator-manual%2Freconcile.md)reconcile_docs for details. | | link.argocd.argoproj.io/{some link name} | any | An http(s) URL | Adds a link to the Argo CD UI for the resource. See [external URL docs](external-url.md) for details. | | pref.argocd.argoproj.io/default-pod-sort | Application | [see UI customization docs](../operator-manual/ui-customization.md) | Sets the Application's default grouping mechanism. | | pref.argocd.argoproj.io/default-view | Application | [see UI customization docs](../operator-manual/ui-customization.md) | Sets the Application's default view mode (e.g. "tree" or "list") | diff --git a/docs/user-guide/commands/argocd.md b/docs/user-guide/commands/argocd.md index 36c992b3617fb..233b800dd2875 100644 --- a/docs/user-guide/commands/argocd.md +++ b/docs/user-guide/commands/argocd.md @@ -11,6 +11,7 @@ argocd [flags] ### Options ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account.md b/docs/user-guide/commands/argocd_account.md index 88d483ffac68e..20cd868461914 100644 --- a/docs/user-guide/commands/argocd_account.md +++ b/docs/user-guide/commands/argocd_account.md @@ -52,6 +52,7 @@ argocd account [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account_bcrypt.md b/docs/user-guide/commands/argocd_account_bcrypt.md index 6bc282cfaab1e..c38614424c081 100644 --- a/docs/user-guide/commands/argocd_account_bcrypt.md +++ b/docs/user-guide/commands/argocd_account_bcrypt.md @@ -25,6 +25,7 @@ argocd account bcrypt --password YOUR_PASSWORD ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account_can-i.md b/docs/user-guide/commands/argocd_account_can-i.md index 6e6cb2bea524b..149d2ef6e53d4 100644 --- a/docs/user-guide/commands/argocd_account_can-i.md +++ b/docs/user-guide/commands/argocd_account_can-i.md @@ -35,6 +35,7 @@ Resources: [clusters projects applications applicationsets repositories certific ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account_delete-token.md b/docs/user-guide/commands/argocd_account_delete-token.md index 6ef4cf11499fe..739481569c892 100644 --- a/docs/user-guide/commands/argocd_account_delete-token.md +++ b/docs/user-guide/commands/argocd_account_delete-token.md @@ -28,6 +28,7 @@ argocd account delete-token --account ID ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account_generate-token.md b/docs/user-guide/commands/argocd_account_generate-token.md index 0d21d36ad32ff..1ee8a551b3036 100644 --- a/docs/user-guide/commands/argocd_account_generate-token.md +++ b/docs/user-guide/commands/argocd_account_generate-token.md @@ -30,6 +30,7 @@ argocd account generate-token --account ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account_get-user-info.md b/docs/user-guide/commands/argocd_account_get-user-info.md index 66603a52b2628..7f223f06c7aa2 100644 --- a/docs/user-guide/commands/argocd_account_get-user-info.md +++ b/docs/user-guide/commands/argocd_account_get-user-info.md @@ -28,6 +28,7 @@ argocd account get-user-info [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account_get.md b/docs/user-guide/commands/argocd_account_get.md index fbe0ef6027141..af44a3493313d 100644 --- a/docs/user-guide/commands/argocd_account_get.md +++ b/docs/user-guide/commands/argocd_account_get.md @@ -29,6 +29,7 @@ argocd account get --account ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account_list.md b/docs/user-guide/commands/argocd_account_list.md index 0082c0260496c..14a024b244e51 100644 --- a/docs/user-guide/commands/argocd_account_list.md +++ b/docs/user-guide/commands/argocd_account_list.md @@ -24,6 +24,7 @@ argocd account list ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_account_update-password.md b/docs/user-guide/commands/argocd_account_update-password.md index ed84a7da00617..e770207a9f6d1 100644 --- a/docs/user-guide/commands/argocd_account_update-password.md +++ b/docs/user-guide/commands/argocd_account_update-password.md @@ -40,6 +40,7 @@ argocd account update-password [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin.md b/docs/user-guide/commands/argocd_admin.md index 0aa338f1570e2..d1a3581a40ce6 100644 --- a/docs/user-guide/commands/argocd_admin.md +++ b/docs/user-guide/commands/argocd_admin.md @@ -30,6 +30,7 @@ $ argocd admin initial-password reset ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_app.md b/docs/user-guide/commands/argocd_admin_app.md index 58e0f50f25846..2906cc7bb5607 100644 --- a/docs/user-guide/commands/argocd_admin_app.md +++ b/docs/user-guide/commands/argocd_admin_app.md @@ -32,6 +32,7 @@ argocd admin app get-reconcile-results APPNAME ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_app_diff-reconcile-results.md b/docs/user-guide/commands/argocd_admin_app_diff-reconcile-results.md index 39190e23349fc..ee707903187ac 100644 --- a/docs/user-guide/commands/argocd_admin_app_diff-reconcile-results.md +++ b/docs/user-guide/commands/argocd_admin_app_diff-reconcile-results.md @@ -17,6 +17,7 @@ argocd admin app diff-reconcile-results PATH1 PATH2 [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_app_generate-spec.md b/docs/user-guide/commands/argocd_admin_app_generate-spec.md index ed9f36a4268c0..e17d9ce97aa5d 100644 --- a/docs/user-guide/commands/argocd_admin_app_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_app_generate-spec.md @@ -47,7 +47,10 @@ argocd admin app generate-spec APPNAME [flags] --directory-recurse Recurse directory --env string Application environment to monitor -f, --file string Filename or URL to Kubernetes manifests for the app + --helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster --helm-chart string Helm Chart name + --helm-kube-version string Helm kube-version to use when running helm template. If not set, use the kube version from the destination cluster + --helm-namespace string Helm namespace to use when running helm template. If not set, use app.spec.destination.namespace --helm-pass-credentials Pass credentials to all domain --helm-set stringArray Helm set values on the command line (can be repeated to set several values: --helm-set key1=val1 --helm-set key2=val2) --helm-set-file stringArray Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2) @@ -62,11 +65,13 @@ argocd admin app generate-spec APPNAME [flags] --jsonnet-libs stringArray Additional jsonnet libs (prefixed by repoRoot) --jsonnet-tla-code stringArray Jsonnet top level code arguments --jsonnet-tla-str stringArray Jsonnet top level string arguments + --kustomize-api-versions stringArray api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster. Only applicable when Helm is enabled for Kustomize builds --kustomize-common-annotation stringArray Set common labels in Kustomize --kustomize-common-label stringArray Set common labels in Kustomize --kustomize-force-common-annotation Force common annotations in Kustomize --kustomize-force-common-label Force common labels in Kustomize --kustomize-image stringArray Kustomize images (e.g. --kustomize-image node:8.15.0 --kustomize-image mysql=mariadb,alpine@sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d) + --kustomize-kube-version string kube-version to use when running helm template. If not set, use the kube version from the destination cluster. Only applicable when Helm is enabled for Kustomize builds --kustomize-label-without-selector Do not apply common label to selectors or templates --kustomize-namespace string Kustomize namespace --kustomize-replica stringArray Kustomize replicas (e.g. --kustomize-replica my-development=2 --kustomize-replica my-statefulset=4) @@ -86,6 +91,7 @@ argocd admin app generate-spec APPNAME [flags] --revision string The tracking source branch, tag, commit or Helm chart version the application will sync to --revision-history-limit int How many items to keep in revision history (default 10) --self-heal Set self healing when sync is automated + --set-finalizer Sets deletion finalizer on the application, application resources will be cascaded on deletion --sync-option Prune=false Add or remove a sync option, e.g add Prune=false. Remove using `!` prefix, e.g. `!Prune=false` --sync-policy string Set the sync policy (one of: manual (aliases of manual: none), automated (aliases of automated: auto, automatic)) --sync-retry-backoff-duration duration Sync retry backoff base duration. Input needs to be a duration (e.g. 2m, 1h) (default 5s) @@ -100,6 +106,7 @@ argocd admin app generate-spec APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md b/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md index 4e696bd994903..4748b75b57b05 100644 --- a/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md +++ b/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md @@ -43,6 +43,7 @@ argocd admin app get-reconcile-results PATH [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_cluster.md b/docs/user-guide/commands/argocd_admin_cluster.md index 544c0de08959c..380b9577cfc2c 100644 --- a/docs/user-guide/commands/argocd_admin_cluster.md +++ b/docs/user-guide/commands/argocd_admin_cluster.md @@ -31,6 +31,7 @@ argocd admin cluster namespaces my-cluster ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md b/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md index 100460213bd73..a3e8ec745da79 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md @@ -41,6 +41,7 @@ argocd admin cluster generate-spec CONTEXT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md b/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md index 38f61ce5cd8a2..2eec1d91b8d66 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md +++ b/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md @@ -54,6 +54,7 @@ argocd admin cluster kubeconfig https://cluster-api-url:6443 /path/to/output/kub ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_cluster_namespaces.md b/docs/user-guide/commands/argocd_admin_cluster_namespaces.md index fee5c7679e159..f7f339964e500 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_namespaces.md +++ b/docs/user-guide/commands/argocd_admin_cluster_namespaces.md @@ -37,6 +37,7 @@ argocd admin cluster namespaces [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_cluster_namespaces_disable-namespaced-mode.md b/docs/user-guide/commands/argocd_admin_cluster_namespaces_disable-namespaced-mode.md index fcbebd7612337..e2d89d36e02e3 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_namespaces_disable-namespaced-mode.md +++ b/docs/user-guide/commands/argocd_admin_cluster_namespaces_disable-namespaced-mode.md @@ -38,6 +38,7 @@ argocd admin cluster namespaces disable-namespaced-mode PATTERN [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_cluster_namespaces_enable-namespaced-mode.md b/docs/user-guide/commands/argocd_admin_cluster_namespaces_enable-namespaced-mode.md index 762a652d7ab12..9f8dd9047c8a9 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_namespaces_enable-namespaced-mode.md +++ b/docs/user-guide/commands/argocd_admin_cluster_namespaces_enable-namespaced-mode.md @@ -40,6 +40,7 @@ argocd admin cluster namespaces enable-namespaced-mode PATTERN [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_cluster_shards.md b/docs/user-guide/commands/argocd_admin_cluster_shards.md index 44efa4392b9ac..59c8d4b17a27f 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_shards.md +++ b/docs/user-guide/commands/argocd_admin_cluster_shards.md @@ -53,6 +53,7 @@ argocd admin cluster shards [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_cluster_stats.md b/docs/user-guide/commands/argocd_admin_cluster_stats.md index 18aa583f01305..9238049782b62 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_stats.md +++ b/docs/user-guide/commands/argocd_admin_cluster_stats.md @@ -67,6 +67,7 @@ argocd admin cluster stats target-cluster ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_dashboard.md b/docs/user-guide/commands/argocd_admin_dashboard.md index 71e11a173906a..f19fcb8785ee8 100644 --- a/docs/user-guide/commands/argocd_admin_dashboard.md +++ b/docs/user-guide/commands/argocd_admin_dashboard.md @@ -54,6 +54,7 @@ $ argocd admin dashboard --redis-compress gzip ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_export.md b/docs/user-guide/commands/argocd_admin_export.md index d168fe5450a74..2da5df239cc10 100644 --- a/docs/user-guide/commands/argocd_admin_export.md +++ b/docs/user-guide/commands/argocd_admin_export.md @@ -11,33 +11,36 @@ argocd admin export [flags] ### Options ``` - --as string Username to impersonate for the operation - --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. - --as-uid string UID to impersonate for the operation - --certificate-authority string Path to a cert file for the certificate authority - --client-certificate string Path to a client certificate file for TLS - --client-key string Path to a client key file for TLS - --cluster string The name of the kubeconfig cluster to use - --context string The name of the kubeconfig context to use - --disable-compression If true, opt-out of response compression for all requests to the server - -h, --help help for export - --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure - --kubeconfig string Path to a kube config. Only required if out-of-cluster - -n, --namespace string If present, the namespace scope for this CLI request - -o, --out string Output to the specified file instead of stdout (default "-") - --password string Password for basic authentication to the API server - --proxy-url string If provided, this URL will be used to connect via proxy - --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") - --server string The address and port of the Kubernetes API server - --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. - --token string Bearer token for authentication to the API server - --user string The name of the kubeconfig user to use - --username string Username for basic authentication to the API server + --application-namespaces strings Comma separated list of namespace globs to export applications from. If not provided value from 'application.namespaces' in argocd-cmd-params-cm will be used,if it's not defined only applications from Argo CD namespace will be exported + --applicationset-namespaces strings Comma separated list of namespace globs to export applicationsets from. If not provided value from 'applicationsetcontroller.namespaces' in argocd-cmd-params-cm will be used,if it's not defined only applicationsets from Argo CD namespace will be exported + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --context string The name of the kubeconfig context to use + --disable-compression If true, opt-out of response compression for all requests to the server + -h, --help help for export + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kubeconfig string Path to a kube config. Only required if out-of-cluster + -n, --namespace string If present, the namespace scope for this CLI request + -o, --out string Output to the specified file instead of stdout (default "-") + --password string Password for basic authentication to the API server + --proxy-url string If provided, this URL will be used to connect via proxy + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --server string The address and port of the Kubernetes API server + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. + --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server ``` ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_import.md b/docs/user-guide/commands/argocd_admin_import.md index dc8a4b2dbf947..07a79636d307a 100644 --- a/docs/user-guide/commands/argocd_admin_import.md +++ b/docs/user-guide/commands/argocd_admin_import.md @@ -11,36 +11,40 @@ argocd admin import SOURCE [flags] ### Options ``` - --as string Username to impersonate for the operation - --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. - --as-uid string UID to impersonate for the operation - --certificate-authority string Path to a cert file for the certificate authority - --client-certificate string Path to a client certificate file for TLS - --client-key string Path to a client key file for TLS - --cluster string The name of the kubeconfig cluster to use - --context string The name of the kubeconfig context to use - --disable-compression If true, opt-out of response compression for all requests to the server - --dry-run Print what will be performed - -h, --help help for import - --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure - --kubeconfig string Path to a kube config. Only required if out-of-cluster - -n, --namespace string If present, the namespace scope for this CLI request - --password string Password for basic authentication to the API server - --proxy-url string If provided, this URL will be used to connect via proxy - --prune Prune secrets, applications and projects which do not appear in the backup - --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") - --server string The address and port of the Kubernetes API server - --stop-operation Stop any existing operations - --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. - --token string Bearer token for authentication to the API server - --user string The name of the kubeconfig user to use - --username string Username for basic authentication to the API server - --verbose Verbose output (versus only changed output) + --application-namespaces strings Comma separated list of namespace globs to which import of applications is allowed. If not provided value from 'application.namespaces' in argocd-cmd-params-cm will be used,if it's not defined only applications without an explicit namespace will be imported to the Argo CD namespace + --applicationset-namespaces strings Comma separated list of namespace globs which import of applicationsets is allowed. If not provided value from 'applicationsetcontroller.namespaces' in argocd-cmd-params-cm will be used,if it's not defined only applicationsets without an explicit namespace will be imported to the Argo CD namespace + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --context string The name of the kubeconfig context to use + --disable-compression If true, opt-out of response compression for all requests to the server + --dry-run Print what will be performed + -h, --help help for import + --ignore-tracking Do not update the tracking annotation if the resource is already tracked + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kubeconfig string Path to a kube config. Only required if out-of-cluster + -n, --namespace string If present, the namespace scope for this CLI request + --password string Password for basic authentication to the API server + --proxy-url string If provided, this URL will be used to connect via proxy + --prune Prune secrets, applications and projects which do not appear in the backup + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --server string The address and port of the Kubernetes API server + --stop-operation Stop any existing operations + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. + --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server + --verbose Verbose output (versus only changed output) ``` ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_initial-password.md b/docs/user-guide/commands/argocd_admin_initial-password.md index dbc44561debdc..3df3bdc666559 100644 --- a/docs/user-guide/commands/argocd_admin_initial-password.md +++ b/docs/user-guide/commands/argocd_admin_initial-password.md @@ -37,6 +37,7 @@ argocd admin initial-password [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_notifications.md b/docs/user-guide/commands/argocd_admin_notifications.md index 87429217f99e9..9159d1af3c0cb 100644 --- a/docs/user-guide/commands/argocd_admin_notifications.md +++ b/docs/user-guide/commands/argocd_admin_notifications.md @@ -42,6 +42,7 @@ argocd admin notifications [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_notifications_template.md b/docs/user-guide/commands/argocd_admin_notifications_template.md index 75d5700aaac04..9ac47ec7c0889 100644 --- a/docs/user-guide/commands/argocd_admin_notifications_template.md +++ b/docs/user-guide/commands/argocd_admin_notifications_template.md @@ -17,6 +17,7 @@ argocd admin notifications template [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --argocd-repo-server string Argo CD repo server address (default "argocd-repo-server:8081") --argocd-repo-server-plaintext Use a plaintext client (non-TLS) to connect to repository server --argocd-repo-server-strict-tls Perform strict validation of TLS certificates when connecting to repo server diff --git a/docs/user-guide/commands/argocd_admin_notifications_template_get.md b/docs/user-guide/commands/argocd_admin_notifications_template_get.md index 214a8e5cd442b..e82bca7716114 100644 --- a/docs/user-guide/commands/argocd_admin_notifications_template_get.md +++ b/docs/user-guide/commands/argocd_admin_notifications_template_get.md @@ -29,6 +29,7 @@ argocd admin notifications template get app-sync-succeeded -o=yaml ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --argocd-repo-server string Argo CD repo server address (default "argocd-repo-server:8081") --argocd-repo-server-plaintext Use a plaintext client (non-TLS) to connect to repository server --argocd-repo-server-strict-tls Perform strict validation of TLS certificates when connecting to repo server diff --git a/docs/user-guide/commands/argocd_admin_notifications_template_notify.md b/docs/user-guide/commands/argocd_admin_notifications_template_notify.md index 4f94a9d960476..64ab824453321 100644 --- a/docs/user-guide/commands/argocd_admin_notifications_template_notify.md +++ b/docs/user-guide/commands/argocd_admin_notifications_template_notify.md @@ -30,6 +30,7 @@ argocd admin notifications template notify app-sync-succeeded guestbook ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --argocd-repo-server string Argo CD repo server address (default "argocd-repo-server:8081") --argocd-repo-server-plaintext Use a plaintext client (non-TLS) to connect to repository server --argocd-repo-server-strict-tls Perform strict validation of TLS certificates when connecting to repo server diff --git a/docs/user-guide/commands/argocd_admin_notifications_trigger.md b/docs/user-guide/commands/argocd_admin_notifications_trigger.md index d6ff9e53ab235..faa9fb3674fc5 100644 --- a/docs/user-guide/commands/argocd_admin_notifications_trigger.md +++ b/docs/user-guide/commands/argocd_admin_notifications_trigger.md @@ -17,6 +17,7 @@ argocd admin notifications trigger [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --argocd-repo-server string Argo CD repo server address (default "argocd-repo-server:8081") --argocd-repo-server-plaintext Use a plaintext client (non-TLS) to connect to repository server --argocd-repo-server-strict-tls Perform strict validation of TLS certificates when connecting to repo server diff --git a/docs/user-guide/commands/argocd_admin_notifications_trigger_get.md b/docs/user-guide/commands/argocd_admin_notifications_trigger_get.md index acd2ab5af9553..d439ada6634eb 100644 --- a/docs/user-guide/commands/argocd_admin_notifications_trigger_get.md +++ b/docs/user-guide/commands/argocd_admin_notifications_trigger_get.md @@ -29,6 +29,7 @@ argocd admin notifications trigger get on-sync-failed -o=yaml ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --argocd-repo-server string Argo CD repo server address (default "argocd-repo-server:8081") --argocd-repo-server-plaintext Use a plaintext client (non-TLS) to connect to repository server --argocd-repo-server-strict-tls Perform strict validation of TLS certificates when connecting to repo server diff --git a/docs/user-guide/commands/argocd_admin_notifications_trigger_run.md b/docs/user-guide/commands/argocd_admin_notifications_trigger_run.md index f8bebb2937937..68a39f102da17 100644 --- a/docs/user-guide/commands/argocd_admin_notifications_trigger_run.md +++ b/docs/user-guide/commands/argocd_admin_notifications_trigger_run.md @@ -29,6 +29,7 @@ argocd admin notifications trigger run on-sync-status-unknown ./sample-app.yaml ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --argocd-repo-server string Argo CD repo server address (default "argocd-repo-server:8081") --argocd-repo-server-plaintext Use a plaintext client (non-TLS) to connect to repository server --argocd-repo-server-strict-tls Perform strict validation of TLS certificates when connecting to repo server diff --git a/docs/user-guide/commands/argocd_admin_proj.md b/docs/user-guide/commands/argocd_admin_proj.md index b22a2513b7e4d..61753e9dd8bf9 100644 --- a/docs/user-guide/commands/argocd_admin_proj.md +++ b/docs/user-guide/commands/argocd_admin_proj.md @@ -17,6 +17,7 @@ argocd admin proj [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_proj_generate-allow-list.md b/docs/user-guide/commands/argocd_admin_proj_generate-allow-list.md index 83dc00a6096b4..b6c025e9beb3f 100644 --- a/docs/user-guide/commands/argocd_admin_proj_generate-allow-list.md +++ b/docs/user-guide/commands/argocd_admin_proj_generate-allow-list.md @@ -45,6 +45,7 @@ argocd admin proj generate-allow-list /path/to/clusterrole.yaml my-project ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_proj_generate-spec.md b/docs/user-guide/commands/argocd_admin_proj_generate-spec.md index b4f544367813d..f1c309cf3f49f 100644 --- a/docs/user-guide/commands/argocd_admin_proj_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_proj_generate-spec.md @@ -30,6 +30,7 @@ argocd admin proj generate-spec PROJECT [flags] --deny-namespaced-resource stringArray List of denied namespaced resources --description string Project description -d, --dest stringArray Permitted destination server and namespace (e.g. https://192.168.99.100:8443,default) + --dest-service-accounts stringArray Destination server, namespace and target service account (e.g. https://192.168.99.100:8443,default,default-sa) -f, --file string Filename or URL to Kubernetes manifests for the project -h, --help help for generate-spec -i, --inline If set then generated resource is written back to the file specified in --file flag @@ -44,6 +45,7 @@ argocd admin proj generate-spec PROJECT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_proj_update-role-policy.md b/docs/user-guide/commands/argocd_admin_proj_update-role-policy.md index c1c4823077e01..7617fc95c9f72 100644 --- a/docs/user-guide/commands/argocd_admin_proj_update-role-policy.md +++ b/docs/user-guide/commands/argocd_admin_proj_update-role-policy.md @@ -53,6 +53,7 @@ argocd admin proj update-role-policy PROJECT_GLOB MODIFICATION ACTION [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_redis-initial-password.md b/docs/user-guide/commands/argocd_admin_redis-initial-password.md index 85e56195758dd..a35a7d55e54f8 100644 --- a/docs/user-guide/commands/argocd_admin_redis-initial-password.md +++ b/docs/user-guide/commands/argocd_admin_redis-initial-password.md @@ -37,6 +37,7 @@ argocd admin redis-initial-password [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_repo.md b/docs/user-guide/commands/argocd_admin_repo.md index 411cf558bac5b..4a900f727b185 100644 --- a/docs/user-guide/commands/argocd_admin_repo.md +++ b/docs/user-guide/commands/argocd_admin_repo.md @@ -17,6 +17,7 @@ argocd admin repo [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md index 10c722913258b..b25d3d035940f 100644 --- a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md @@ -50,6 +50,7 @@ argocd admin repo generate-spec REPOURL [flags] --insecure-ignore-host-key disables SSH strict host key checking (deprecated, use --insecure-skip-server-verification instead) --insecure-skip-server-verification disables server certificate and host key checks --name string name of the repository, mandatory for repositories of type helm + --no-proxy string don't access these targets via proxy -o, --output string Output format. One of: json|yaml (default "yaml") --password string password to the repository --project string project of the repository @@ -64,6 +65,7 @@ argocd admin repo generate-spec REPOURL [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_settings.md b/docs/user-guide/commands/argocd_admin_settings.md index 3c631cf8f123b..902f4a1d80016 100644 --- a/docs/user-guide/commands/argocd_admin_settings.md +++ b/docs/user-guide/commands/argocd_admin_settings.md @@ -40,6 +40,7 @@ argocd admin settings [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_admin_settings_rbac.md b/docs/user-guide/commands/argocd_admin_settings_rbac.md index 043c39979a98a..776fabdc6d7b6 100644 --- a/docs/user-guide/commands/argocd_admin_settings_rbac.md +++ b/docs/user-guide/commands/argocd_admin_settings_rbac.md @@ -18,6 +18,7 @@ argocd admin settings rbac [flags] ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. diff --git a/docs/user-guide/commands/argocd_admin_settings_rbac_can.md b/docs/user-guide/commands/argocd_admin_settings_rbac_can.md index f14092785facf..a428740e20869 100644 --- a/docs/user-guide/commands/argocd_admin_settings_rbac_can.md +++ b/docs/user-guide/commands/argocd_admin_settings_rbac_can.md @@ -73,6 +73,7 @@ argocd admin settings rbac can someuser create application 'default/app' --defau ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --auth-token string Authentication token --client-crt string Client certificate file diff --git a/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md b/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md index 4be305e40a33c..b0647bce80324 100644 --- a/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md +++ b/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md @@ -65,6 +65,7 @@ argocd admin settings rbac validate --namespace argocd ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --auth-token string Authentication token --client-crt string Client certificate file diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides.md index eeec6bcf5f63a..4a031ec3c6414 100644 --- a/docs/user-guide/commands/argocd_admin_settings_resource-overrides.md +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides.md @@ -18,6 +18,7 @@ argocd admin settings resource-overrides [flags] ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_health.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_health.md index 1e5cc49335cc5..f7478fa9a21ea 100644 --- a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_health.md +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_health.md @@ -29,6 +29,7 @@ argocd admin settings resource-overrides health ./deploy.yaml --argocd-cm-path . ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-differences.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-differences.md index 752b3a64c59c7..78aefbb8ff522 100644 --- a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-differences.md +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-differences.md @@ -29,6 +29,7 @@ argocd admin settings resource-overrides ignore-differences ./deploy.yaml --argo ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md index 0eeefab2713ea..b2154319b46ca 100644 --- a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md @@ -30,6 +30,7 @@ argocd admin settings resource-overrides ignore-resource-updates ./deploy.yaml - ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_list-actions.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_list-actions.md index 57f60f3d726f5..442c0febc6710 100644 --- a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_list-actions.md +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_list-actions.md @@ -29,6 +29,7 @@ argocd admin settings resource-overrides action list /tmp/deploy.yaml --argocd-c ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_run-action.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_run-action.md index f7ce62d4559fe..e1a58c6da99e1 100644 --- a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_run-action.md +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_run-action.md @@ -29,6 +29,7 @@ argocd admin settings resource-overrides action run /tmp/deploy.yaml restart --a ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. diff --git a/docs/user-guide/commands/argocd_admin_settings_validate.md b/docs/user-guide/commands/argocd_admin_settings_validate.md index 8e40a403441b5..d94bd701e02d0 100644 --- a/docs/user-guide/commands/argocd_admin_settings_validate.md +++ b/docs/user-guide/commands/argocd_admin_settings_validate.md @@ -34,6 +34,7 @@ argocd admin settings validate --group accounts --group plugins --load-cluster-s ``` --argocd-cm-path string Path to local argocd-cm.yaml file + --argocd-context string The name of the Argo-CD server context to use --argocd-secret-path string Path to local argocd-secret.yaml file --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. diff --git a/docs/user-guide/commands/argocd_app.md b/docs/user-guide/commands/argocd_app.md index a3840231aff7a..1a366b04383ab 100644 --- a/docs/user-guide/commands/argocd_app.md +++ b/docs/user-guide/commands/argocd_app.md @@ -49,6 +49,7 @@ argocd app [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_actions.md b/docs/user-guide/commands/argocd_app_actions.md index af336f1767b23..662f15333bf44 100644 --- a/docs/user-guide/commands/argocd_app_actions.md +++ b/docs/user-guide/commands/argocd_app_actions.md @@ -27,6 +27,7 @@ argocd app actions [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_actions_list.md b/docs/user-guide/commands/argocd_app_actions_list.md index 2d1f78524df50..3e896eba202dd 100644 --- a/docs/user-guide/commands/argocd_app_actions_list.md +++ b/docs/user-guide/commands/argocd_app_actions_list.md @@ -29,6 +29,7 @@ argocd app actions list APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_actions_run.md b/docs/user-guide/commands/argocd_app_actions_run.md index db8e29fc197b9..8d6d60301b8b5 100644 --- a/docs/user-guide/commands/argocd_app_actions_run.md +++ b/docs/user-guide/commands/argocd_app_actions_run.md @@ -29,6 +29,7 @@ argocd app actions run APPNAME ACTION [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_delete-resource.md b/docs/user-guide/commands/argocd_app_delete-resource.md index e397c0c019fa8..6907d5fb36a23 100644 --- a/docs/user-guide/commands/argocd_app_delete-resource.md +++ b/docs/user-guide/commands/argocd_app_delete-resource.md @@ -25,6 +25,7 @@ argocd app delete-resource APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_delete.md b/docs/user-guide/commands/argocd_app_delete.md index 827eeaab4ce7a..80dec827fc7ed 100644 --- a/docs/user-guide/commands/argocd_app_delete.md +++ b/docs/user-guide/commands/argocd_app_delete.md @@ -40,6 +40,7 @@ argocd app delete APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_diff.md b/docs/user-guide/commands/argocd_app_diff.md index f8c5a15589340..9896d9b3ceadc 100644 --- a/docs/user-guide/commands/argocd_app_diff.md +++ b/docs/user-guide/commands/argocd_app_diff.md @@ -36,6 +36,7 @@ argocd app diff APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_edit.md b/docs/user-guide/commands/argocd_app_edit.md index e581677b79c12..90fe001639056 100644 --- a/docs/user-guide/commands/argocd_app_edit.md +++ b/docs/user-guide/commands/argocd_app_edit.md @@ -18,6 +18,7 @@ argocd app edit APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_history.md b/docs/user-guide/commands/argocd_app_history.md index eefadef01f417..c0b68c6dad62b 100644 --- a/docs/user-guide/commands/argocd_app_history.md +++ b/docs/user-guide/commands/argocd_app_history.md @@ -19,6 +19,7 @@ argocd app history APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_list.md b/docs/user-guide/commands/argocd_app_list.md index 17e00fcac9df3..9c5ce915460a8 100644 --- a/docs/user-guide/commands/argocd_app_list.md +++ b/docs/user-guide/commands/argocd_app_list.md @@ -37,6 +37,7 @@ argocd app list [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_logs.md b/docs/user-guide/commands/argocd_app_logs.md index 8dc1f6a9f1aae..7e8e2f8edb455 100644 --- a/docs/user-guide/commands/argocd_app_logs.md +++ b/docs/user-guide/commands/argocd_app_logs.md @@ -68,6 +68,7 @@ argocd app logs APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_manifests.md b/docs/user-guide/commands/argocd_app_manifests.md index 86d1aea1b1831..0857668782004 100644 --- a/docs/user-guide/commands/argocd_app_manifests.md +++ b/docs/user-guide/commands/argocd_app_manifests.md @@ -36,6 +36,7 @@ argocd app manifests APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_patch-resource.md b/docs/user-guide/commands/argocd_app_patch-resource.md index c849395cb3ea8..e1abda78807a0 100644 --- a/docs/user-guide/commands/argocd_app_patch-resource.md +++ b/docs/user-guide/commands/argocd_app_patch-resource.md @@ -25,6 +25,7 @@ argocd app patch-resource APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_patch.md b/docs/user-guide/commands/argocd_app_patch.md index 0c453ea159e64..c681ea887b417 100644 --- a/docs/user-guide/commands/argocd_app_patch.md +++ b/docs/user-guide/commands/argocd_app_patch.md @@ -30,6 +30,7 @@ argocd app patch APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_resources.md b/docs/user-guide/commands/argocd_app_resources.md index 22027f74ba3d7..e789ed642a043 100644 --- a/docs/user-guide/commands/argocd_app_resources.md +++ b/docs/user-guide/commands/argocd_app_resources.md @@ -20,6 +20,7 @@ argocd app resources APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_rollback.md b/docs/user-guide/commands/argocd_app_rollback.md index 923023e35a2e8..04a9106892353 100644 --- a/docs/user-guide/commands/argocd_app_rollback.md +++ b/docs/user-guide/commands/argocd_app_rollback.md @@ -21,6 +21,7 @@ argocd app rollback APPNAME [ID] [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_sync.md b/docs/user-guide/commands/argocd_app_sync.md index 1dc6f48bd16ba..5cbf3fb06c367 100644 --- a/docs/user-guide/commands/argocd_app_sync.md +++ b/docs/user-guide/commands/argocd_app_sync.md @@ -75,6 +75,7 @@ argocd app sync [APPNAME... | -l selector | --project project-name] [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_terminate-op.md b/docs/user-guide/commands/argocd_app_terminate-op.md index a6d04299ca313..112dba5189957 100644 --- a/docs/user-guide/commands/argocd_app_terminate-op.md +++ b/docs/user-guide/commands/argocd_app_terminate-op.md @@ -17,6 +17,7 @@ argocd app terminate-op APPNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_unset.md b/docs/user-guide/commands/argocd_app_unset.md index 10795166c4477..f0de506336ed9 100644 --- a/docs/user-guide/commands/argocd_app_unset.md +++ b/docs/user-guide/commands/argocd_app_unset.md @@ -48,6 +48,7 @@ argocd app unset APPNAME parameters [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_app_wait.md b/docs/user-guide/commands/argocd_app_wait.md index e2d3886f4d3ab..e0be1f5e62a53 100644 --- a/docs/user-guide/commands/argocd_app_wait.md +++ b/docs/user-guide/commands/argocd_app_wait.md @@ -55,6 +55,7 @@ argocd app wait [APPNAME.. | -l selector] [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_appset.md b/docs/user-guide/commands/argocd_appset.md index 7b543ae318831..fddda16860a62 100644 --- a/docs/user-guide/commands/argocd_appset.md +++ b/docs/user-guide/commands/argocd_appset.md @@ -52,6 +52,7 @@ argocd appset [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file @@ -82,6 +83,7 @@ argocd appset [flags] * [argocd](argocd.md) - argocd controls a Argo CD server * [argocd appset create](argocd_appset_create.md) - Create one or more ApplicationSets * [argocd appset delete](argocd_appset_delete.md) - Delete one or more ApplicationSets +* [argocd appset generate](argocd_appset_generate.md) - Generate apps of ApplicationSet rendered templates * [argocd appset get](argocd_appset_get.md) - Get ApplicationSet details * [argocd appset list](argocd_appset_list.md) - List ApplicationSets diff --git a/docs/user-guide/commands/argocd_appset_create.md b/docs/user-guide/commands/argocd_appset_create.md index fccc03fcc971c..718074a950f97 100644 --- a/docs/user-guide/commands/argocd_appset_create.md +++ b/docs/user-guide/commands/argocd_appset_create.md @@ -13,18 +13,24 @@ argocd appset create [flags] ``` # Create ApplicationSets argocd appset create (...) + + # Dry-run AppSet creation to see what applications would be managed + argocd appset create --dry-run -o json | jq -r '.status.resources[].name' ``` ### Options ``` - -h, --help help for create - --upsert Allows to override ApplicationSet with the same name even if supplied ApplicationSet spec is different from existing spec + --dry-run Allows to evaluate the ApplicationSet template on the server to get a preview of the applications that would be created + -h, --help help for create + -o, --output string Output format. One of: json|yaml|wide (default "wide") + --upsert Allows to override ApplicationSet with the same name even if supplied ApplicationSet spec is different from existing spec ``` ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_appset_delete.md b/docs/user-guide/commands/argocd_appset_delete.md index d97ca51b604e8..3e9b09c2262ac 100644 --- a/docs/user-guide/commands/argocd_appset_delete.md +++ b/docs/user-guide/commands/argocd_appset_delete.md @@ -25,6 +25,7 @@ argocd appset delete [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_appset_generate.md b/docs/user-guide/commands/argocd_appset_generate.md new file mode 100644 index 0000000000000..dc98dad11926b --- /dev/null +++ b/docs/user-guide/commands/argocd_appset_generate.md @@ -0,0 +1,57 @@ +# `argocd appset generate` Command Reference + +## argocd appset generate + +Generate apps of ApplicationSet rendered templates + +``` +argocd appset generate [flags] +``` + +### Examples + +``` + # Generate apps of ApplicationSet rendered templates + argocd appset generate (...) +``` + +### Options + +``` + -h, --help help for generate + -o, --output string Output format. One of: json|yaml|wide (default "wide") +``` + +### Options inherited from parent commands + +``` + --argocd-context string The name of the Argo-CD server context to use + --auth-token string Authentication token + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --controller-name string Name of the Argo CD Application controller; set this or the ARGOCD_APPLICATION_CONTROLLER_NAME environment variable when the controller's name label differs from the default, for example when installing via the Helm chart (default "argocd-application-controller") + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --kube-context string Directs the command to the given kube-context + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --redis-haproxy-name string Name of the Redis HA Proxy; set this or the ARGOCD_REDIS_HAPROXY_NAME environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis-ha-haproxy") + --redis-name string Name of the Redis deployment; set this or the ARGOCD_REDIS_NAME environment variable when the Redis's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis") + --repo-server-name string Name of the Argo CD Repo server; set this or the ARGOCD_REPO_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-repo-server") + --server string Argo CD server address + --server-crt string Server certificate file + --server-name string Name of the Argo CD API server; set this or the ARGOCD_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-server") +``` + +### SEE ALSO + +* [argocd appset](argocd_appset.md) - Manage ApplicationSets + diff --git a/docs/user-guide/commands/argocd_appset_get.md b/docs/user-guide/commands/argocd_appset_get.md index 8024d8ebf0a06..b73139efb4659 100644 --- a/docs/user-guide/commands/argocd_appset_get.md +++ b/docs/user-guide/commands/argocd_appset_get.md @@ -26,6 +26,7 @@ argocd appset get APPSETNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_appset_list.md b/docs/user-guide/commands/argocd_appset_list.md index 92e0b21cb749b..52135d7975d58 100644 --- a/docs/user-guide/commands/argocd_appset_list.md +++ b/docs/user-guide/commands/argocd_appset_list.md @@ -28,6 +28,7 @@ argocd appset list [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cert.md b/docs/user-guide/commands/argocd_cert.md index b126328a4372f..3a5b101f2c85e 100644 --- a/docs/user-guide/commands/argocd_cert.md +++ b/docs/user-guide/commands/argocd_cert.md @@ -59,6 +59,7 @@ argocd cert [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cert_add-ssh.md b/docs/user-guide/commands/argocd_cert_add-ssh.md index 94daf24bf376e..1e1eaa7bf3703 100644 --- a/docs/user-guide/commands/argocd_cert_add-ssh.md +++ b/docs/user-guide/commands/argocd_cert_add-ssh.md @@ -20,6 +20,7 @@ argocd cert add-ssh --batch [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cert_add-tls.md b/docs/user-guide/commands/argocd_cert_add-tls.md index e8d3d733697e7..2ac40be8f5620 100644 --- a/docs/user-guide/commands/argocd_cert_add-tls.md +++ b/docs/user-guide/commands/argocd_cert_add-tls.md @@ -19,6 +19,7 @@ argocd cert add-tls SERVERNAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cert_list.md b/docs/user-guide/commands/argocd_cert_list.md index 43a4af5bea783..63d4f0500a4ec 100644 --- a/docs/user-guide/commands/argocd_cert_list.md +++ b/docs/user-guide/commands/argocd_cert_list.md @@ -21,6 +21,7 @@ argocd cert list [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cert_rm.md b/docs/user-guide/commands/argocd_cert_rm.md index 602a84aa6b85c..9636256422f09 100644 --- a/docs/user-guide/commands/argocd_cert_rm.md +++ b/docs/user-guide/commands/argocd_cert_rm.md @@ -19,6 +19,7 @@ argocd cert rm REPOSERVER [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cluster.md b/docs/user-guide/commands/argocd_cluster.md index a30c357d54d71..edb8e4399495a 100644 --- a/docs/user-guide/commands/argocd_cluster.md +++ b/docs/user-guide/commands/argocd_cluster.md @@ -56,6 +56,7 @@ argocd cluster [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cluster_add.md b/docs/user-guide/commands/argocd_cluster_add.md index 5c0d0e11bf34d..00f07f30f9744 100644 --- a/docs/user-guide/commands/argocd_cluster_add.md +++ b/docs/user-guide/commands/argocd_cluster_add.md @@ -41,6 +41,7 @@ argocd cluster add CONTEXT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cluster_get.md b/docs/user-guide/commands/argocd_cluster_get.md index a020a94557e99..4a4001b4dd8af 100644 --- a/docs/user-guide/commands/argocd_cluster_get.md +++ b/docs/user-guide/commands/argocd_cluster_get.md @@ -25,6 +25,7 @@ argocd cluster get in-cluster ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cluster_list.md b/docs/user-guide/commands/argocd_cluster_list.md index 3e03f1581648f..f4be1312eda0f 100644 --- a/docs/user-guide/commands/argocd_cluster_list.md +++ b/docs/user-guide/commands/argocd_cluster_list.md @@ -40,6 +40,7 @@ argocd cluster list -o server ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cluster_rm.md b/docs/user-guide/commands/argocd_cluster_rm.md index 80057bb5a7082..b74c185480823 100644 --- a/docs/user-guide/commands/argocd_cluster_rm.md +++ b/docs/user-guide/commands/argocd_cluster_rm.md @@ -25,6 +25,7 @@ argocd cluster rm cluster-name ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cluster_rotate-auth.md b/docs/user-guide/commands/argocd_cluster_rotate-auth.md index 8dc3a5bf745d3..98b19643e856f 100644 --- a/docs/user-guide/commands/argocd_cluster_rotate-auth.md +++ b/docs/user-guide/commands/argocd_cluster_rotate-auth.md @@ -24,6 +24,7 @@ argocd cluster rotate-auth cluster-name ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_cluster_set.md b/docs/user-guide/commands/argocd_cluster_set.md index 3f25dda8dac2d..eece336c95af9 100644 --- a/docs/user-guide/commands/argocd_cluster_set.md +++ b/docs/user-guide/commands/argocd_cluster_set.md @@ -29,6 +29,7 @@ argocd cluster set NAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_completion.md b/docs/user-guide/commands/argocd_completion.md index 09d2bf264f1e8..304b46b35ad51 100644 --- a/docs/user-guide/commands/argocd_completion.md +++ b/docs/user-guide/commands/argocd_completion.md @@ -52,6 +52,7 @@ $ source ~/.config/fish/completions/argocd.fish ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_context.md b/docs/user-guide/commands/argocd_context.md index f02944cf4f775..75e3b8f921338 100644 --- a/docs/user-guide/commands/argocd_context.md +++ b/docs/user-guide/commands/argocd_context.md @@ -31,6 +31,7 @@ argocd context cd.argoproj.io --delete ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_gpg.md b/docs/user-guide/commands/argocd_gpg.md index bca15e98b7c87..12c2438700d97 100644 --- a/docs/user-guide/commands/argocd_gpg.md +++ b/docs/user-guide/commands/argocd_gpg.md @@ -36,6 +36,7 @@ argocd gpg [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_gpg_add.md b/docs/user-guide/commands/argocd_gpg_add.md index 3ef5d4e6c72d5..e8760a98d5c80 100644 --- a/docs/user-guide/commands/argocd_gpg_add.md +++ b/docs/user-guide/commands/argocd_gpg_add.md @@ -25,6 +25,7 @@ argocd gpg add [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_gpg_get.md b/docs/user-guide/commands/argocd_gpg_get.md index e0ad3d9ee25d6..8547b22d8fc10 100644 --- a/docs/user-guide/commands/argocd_gpg_get.md +++ b/docs/user-guide/commands/argocd_gpg_get.md @@ -31,6 +31,7 @@ argocd gpg get KEYID [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_gpg_list.md b/docs/user-guide/commands/argocd_gpg_list.md index 50f0e72e83c0d..13ad13e5f7cd0 100644 --- a/docs/user-guide/commands/argocd_gpg_list.md +++ b/docs/user-guide/commands/argocd_gpg_list.md @@ -31,6 +31,7 @@ argocd gpg list [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_gpg_rm.md b/docs/user-guide/commands/argocd_gpg_rm.md index ecf744988d0fd..7bee10529c970 100644 --- a/docs/user-guide/commands/argocd_gpg_rm.md +++ b/docs/user-guide/commands/argocd_gpg_rm.md @@ -17,6 +17,7 @@ argocd gpg rm KEYID [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_login.md b/docs/user-guide/commands/argocd_login.md index adf02fefbc454..767c8876ed17c 100644 --- a/docs/user-guide/commands/argocd_login.md +++ b/docs/user-guide/commands/argocd_login.md @@ -28,18 +28,20 @@ argocd login cd.argoproj.io --core ### Options ``` - -h, --help help for login - --name string Name to use for the context - --password string The password of an account to authenticate - --skip-test-tls Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason) - --sso Perform SSO login - --sso-port int Port to run local OAuth2 login application (default 8085) - --username string The username of an account to authenticate + -h, --help help for login + --name string Name to use for the context + --password string The password of an account to authenticate + --skip-test-tls Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason) + --sso Perform SSO login + --sso-launch-browser Automatically launch the system default browser when performing SSO login (default true) + --sso-port int Port to run local OAuth2 login application (default 8085) + --username string The username of an account to authenticate ``` ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_logout.md b/docs/user-guide/commands/argocd_logout.md index 3e18c70a063a0..dad73d0b84b79 100644 --- a/docs/user-guide/commands/argocd_logout.md +++ b/docs/user-guide/commands/argocd_logout.md @@ -30,6 +30,7 @@ $ argocd logout ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj.md b/docs/user-guide/commands/argocd_proj.md index 5586463adee6e..b595c9108b3c1 100644 --- a/docs/user-guide/commands/argocd_proj.md +++ b/docs/user-guide/commands/argocd_proj.md @@ -52,6 +52,7 @@ argocd proj [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file @@ -81,6 +82,7 @@ argocd proj [flags] * [argocd](argocd.md) - argocd controls a Argo CD server * [argocd proj add-destination](argocd_proj_add-destination.md) - Add project destination +* [argocd proj add-destination-service-account](argocd_proj_add-destination-service-account.md) - Add project destination's default service account * [argocd proj add-orphaned-ignore](argocd_proj_add-orphaned-ignore.md) - Add a resource to orphaned ignore list * [argocd proj add-signature-key](argocd_proj_add-signature-key.md) - Add GnuPG signature key to project * [argocd proj add-source](argocd_proj_add-source.md) - Add project source repository @@ -95,6 +97,7 @@ argocd proj [flags] * [argocd proj get](argocd_proj_get.md) - Get project details * [argocd proj list](argocd_proj_list.md) - List projects * [argocd proj remove-destination](argocd_proj_remove-destination.md) - Remove project destination +* [argocd proj remove-destination-service-account](argocd_proj_remove-destination-service-account.md) - Remove default destination service account from the project * [argocd proj remove-orphaned-ignore](argocd_proj_remove-orphaned-ignore.md) - Remove a resource from orphaned ignore list * [argocd proj remove-signature-key](argocd_proj_remove-signature-key.md) - Remove GnuPG signature key from project * [argocd proj remove-source](argocd_proj_remove-source.md) - Remove project source repository diff --git a/docs/user-guide/commands/argocd_proj_add-destination-service-account.md b/docs/user-guide/commands/argocd_proj_add-destination-service-account.md new file mode 100644 index 0000000000000..58091bbe21ffc --- /dev/null +++ b/docs/user-guide/commands/argocd_proj_add-destination-service-account.md @@ -0,0 +1,60 @@ +# `argocd proj add-destination-service-account` Command Reference + +## argocd proj add-destination-service-account + +Add project destination's default service account + +``` +argocd proj add-destination-service-account PROJECT SERVER NAMESPACE SERVICE_ACCOUNT [flags] +``` + +### Examples + +``` + # Add project destination service account (SERVICE_ACCOUNT) for a server URL (SERVER) in the specified namespace (NAMESPACE) on the project with name PROJECT + argocd proj add-destination-service-account PROJECT SERVER NAMESPACE SERVICE_ACCOUNT + + # Add project destination service account (SERVICE_ACCOUNT) from a different namespace + argocd proj add-destination PROJECT SERVER NAMESPACE SERVICE_ACCOUNT --service-account-namespace +``` + +### Options + +``` + -h, --help help for add-destination-service-account + --service-account-namespace string Use service-account-namespace as namespace where the service account is present +``` + +### Options inherited from parent commands + +``` + --argocd-context string The name of the Argo-CD server context to use + --auth-token string Authentication token + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --controller-name string Name of the Argo CD Application controller; set this or the ARGOCD_APPLICATION_CONTROLLER_NAME environment variable when the controller's name label differs from the default, for example when installing via the Helm chart (default "argocd-application-controller") + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --kube-context string Directs the command to the given kube-context + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --redis-haproxy-name string Name of the Redis HA Proxy; set this or the ARGOCD_REDIS_HAPROXY_NAME environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis-ha-haproxy") + --redis-name string Name of the Redis deployment; set this or the ARGOCD_REDIS_NAME environment variable when the Redis's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis") + --repo-server-name string Name of the Argo CD Repo server; set this or the ARGOCD_REPO_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-repo-server") + --server string Argo CD server address + --server-crt string Server certificate file + --server-name string Name of the Argo CD API server; set this or the ARGOCD_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-server") +``` + +### SEE ALSO + +* [argocd proj](argocd_proj.md) - Manage projects + diff --git a/docs/user-guide/commands/argocd_proj_add-destination.md b/docs/user-guide/commands/argocd_proj_add-destination.md index 688aebf84156e..a4766008322d7 100644 --- a/docs/user-guide/commands/argocd_proj_add-destination.md +++ b/docs/user-guide/commands/argocd_proj_add-destination.md @@ -28,6 +28,7 @@ argocd proj add-destination PROJECT SERVER/NAME NAMESPACE [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_add-orphaned-ignore.md b/docs/user-guide/commands/argocd_proj_add-orphaned-ignore.md index 1b36d8a5ff0f1..97b24ff0340e9 100644 --- a/docs/user-guide/commands/argocd_proj_add-orphaned-ignore.md +++ b/docs/user-guide/commands/argocd_proj_add-orphaned-ignore.md @@ -28,6 +28,7 @@ argocd proj add-orphaned-ignore PROJECT GROUP KIND [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_add-signature-key.md b/docs/user-guide/commands/argocd_proj_add-signature-key.md index 404660510700b..9c1f9827583e4 100644 --- a/docs/user-guide/commands/argocd_proj_add-signature-key.md +++ b/docs/user-guide/commands/argocd_proj_add-signature-key.md @@ -24,6 +24,7 @@ argocd proj add-signature-key PROJECT KEY-ID [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_add-source-namespace.md b/docs/user-guide/commands/argocd_proj_add-source-namespace.md index ced1f6fa3c67d..c74e8c2436375 100644 --- a/docs/user-guide/commands/argocd_proj_add-source-namespace.md +++ b/docs/user-guide/commands/argocd_proj_add-source-namespace.md @@ -24,6 +24,7 @@ argocd proj add-source-namespace PROJECT NAMESPACE [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_add-source.md b/docs/user-guide/commands/argocd_proj_add-source.md index f0c2f18fd9792..670f399020f54 100644 --- a/docs/user-guide/commands/argocd_proj_add-source.md +++ b/docs/user-guide/commands/argocd_proj_add-source.md @@ -24,6 +24,7 @@ argocd proj add-source PROJECT URL [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_allow-cluster-resource.md b/docs/user-guide/commands/argocd_proj_allow-cluster-resource.md index 338027e724bc2..14b1ac0ae87f4 100644 --- a/docs/user-guide/commands/argocd_proj_allow-cluster-resource.md +++ b/docs/user-guide/commands/argocd_proj_allow-cluster-resource.md @@ -25,6 +25,7 @@ argocd proj allow-cluster-resource PROJECT GROUP KIND [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_allow-namespace-resource.md b/docs/user-guide/commands/argocd_proj_allow-namespace-resource.md index 3e4a410f32a47..73b895af9d3b4 100644 --- a/docs/user-guide/commands/argocd_proj_allow-namespace-resource.md +++ b/docs/user-guide/commands/argocd_proj_allow-namespace-resource.md @@ -25,6 +25,7 @@ argocd proj allow-namespace-resource PROJECT GROUP KIND [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_create.md b/docs/user-guide/commands/argocd_proj_create.md index fd8687c1b2982..6300d9a423a63 100644 --- a/docs/user-guide/commands/argocd_proj_create.md +++ b/docs/user-guide/commands/argocd_proj_create.md @@ -27,6 +27,7 @@ argocd proj create PROJECT [flags] --deny-namespaced-resource stringArray List of denied namespaced resources --description string Project description -d, --dest stringArray Permitted destination server and namespace (e.g. https://192.168.99.100:8443,default) + --dest-service-accounts stringArray Destination server, namespace and target service account (e.g. https://192.168.99.100:8443,default,default-sa) -f, --file string Filename or URL to Kubernetes manifests for the project -h, --help help for create --orphaned-resources Enables orphaned resources monitoring @@ -40,6 +41,7 @@ argocd proj create PROJECT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_delete.md b/docs/user-guide/commands/argocd_proj_delete.md index 4d6c4a94f609c..76ea1538b5e87 100644 --- a/docs/user-guide/commands/argocd_proj_delete.md +++ b/docs/user-guide/commands/argocd_proj_delete.md @@ -24,6 +24,7 @@ argocd proj delete PROJECT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_deny-cluster-resource.md b/docs/user-guide/commands/argocd_proj_deny-cluster-resource.md index 4621b18c3efe1..1ef0d03b71f22 100644 --- a/docs/user-guide/commands/argocd_proj_deny-cluster-resource.md +++ b/docs/user-guide/commands/argocd_proj_deny-cluster-resource.md @@ -25,6 +25,7 @@ argocd proj deny-cluster-resource PROJECT GROUP KIND [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_deny-namespace-resource.md b/docs/user-guide/commands/argocd_proj_deny-namespace-resource.md index e8b55a7b0adb6..d02ef85f85a68 100644 --- a/docs/user-guide/commands/argocd_proj_deny-namespace-resource.md +++ b/docs/user-guide/commands/argocd_proj_deny-namespace-resource.md @@ -25,6 +25,7 @@ argocd proj deny-namespace-resource PROJECT GROUP KIND [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_edit.md b/docs/user-guide/commands/argocd_proj_edit.md index 63a584accfad8..8c2d07627cc45 100644 --- a/docs/user-guide/commands/argocd_proj_edit.md +++ b/docs/user-guide/commands/argocd_proj_edit.md @@ -24,6 +24,7 @@ argocd proj edit PROJECT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_get.md b/docs/user-guide/commands/argocd_proj_get.md index 2d2e437b79779..6aff7cf0c5ef6 100644 --- a/docs/user-guide/commands/argocd_proj_get.md +++ b/docs/user-guide/commands/argocd_proj_get.md @@ -28,6 +28,7 @@ argocd proj get PROJECT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_list.md b/docs/user-guide/commands/argocd_proj_list.md index d96c0c4bb13b8..503b63762ef81 100644 --- a/docs/user-guide/commands/argocd_proj_list.md +++ b/docs/user-guide/commands/argocd_proj_list.md @@ -28,6 +28,7 @@ argocd proj list [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_remove-destination-service-account.md b/docs/user-guide/commands/argocd_proj_remove-destination-service-account.md new file mode 100644 index 0000000000000..c43189ff14b9a --- /dev/null +++ b/docs/user-guide/commands/argocd_proj_remove-destination-service-account.md @@ -0,0 +1,56 @@ +# `argocd proj remove-destination-service-account` Command Reference + +## argocd proj remove-destination-service-account + +Remove default destination service account from the project + +``` +argocd proj remove-destination-service-account PROJECT SERVER NAMESPACE SERVICE_ACCOUNT [flags] +``` + +### Examples + +``` + # Remove the destination service account (SERVICE_ACCOUNT) from the specified destination (SERVER and NAMESPACE combination) on the project with name PROJECT + argocd proj remove-destination-service-account PROJECT SERVER NAMESPACE SERVICE_ACCOUNT +``` + +### Options + +``` + -h, --help help for remove-destination-service-account +``` + +### Options inherited from parent commands + +``` + --argocd-context string The name of the Argo-CD server context to use + --auth-token string Authentication token + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --controller-name string Name of the Argo CD Application controller; set this or the ARGOCD_APPLICATION_CONTROLLER_NAME environment variable when the controller's name label differs from the default, for example when installing via the Helm chart (default "argocd-application-controller") + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --kube-context string Directs the command to the given kube-context + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --redis-haproxy-name string Name of the Redis HA Proxy; set this or the ARGOCD_REDIS_HAPROXY_NAME environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis-ha-haproxy") + --redis-name string Name of the Redis deployment; set this or the ARGOCD_REDIS_NAME environment variable when the Redis's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis") + --repo-server-name string Name of the Argo CD Repo server; set this or the ARGOCD_REPO_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-repo-server") + --server string Argo CD server address + --server-crt string Server certificate file + --server-name string Name of the Argo CD API server; set this or the ARGOCD_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-server") +``` + +### SEE ALSO + +* [argocd proj](argocd_proj.md) - Manage projects + diff --git a/docs/user-guide/commands/argocd_proj_remove-destination.md b/docs/user-guide/commands/argocd_proj_remove-destination.md index 612e1db68356a..e4547d1748668 100644 --- a/docs/user-guide/commands/argocd_proj_remove-destination.md +++ b/docs/user-guide/commands/argocd_proj_remove-destination.md @@ -24,6 +24,7 @@ argocd proj remove-destination PROJECT SERVER NAMESPACE [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_remove-orphaned-ignore.md b/docs/user-guide/commands/argocd_proj_remove-orphaned-ignore.md index 857cf3c595177..4adb28f0e5fb1 100644 --- a/docs/user-guide/commands/argocd_proj_remove-orphaned-ignore.md +++ b/docs/user-guide/commands/argocd_proj_remove-orphaned-ignore.md @@ -28,6 +28,7 @@ argocd proj remove-orphaned-ignore PROJECT GROUP KIND [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_remove-signature-key.md b/docs/user-guide/commands/argocd_proj_remove-signature-key.md index 61d6085022662..3b880def1e233 100644 --- a/docs/user-guide/commands/argocd_proj_remove-signature-key.md +++ b/docs/user-guide/commands/argocd_proj_remove-signature-key.md @@ -24,6 +24,7 @@ argocd proj remove-signature-key PROJECT KEY-ID [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_remove-source-namespace.md b/docs/user-guide/commands/argocd_proj_remove-source-namespace.md index 6a0ee319c7b9b..8bcb081d17b73 100644 --- a/docs/user-guide/commands/argocd_proj_remove-source-namespace.md +++ b/docs/user-guide/commands/argocd_proj_remove-source-namespace.md @@ -24,6 +24,7 @@ argocd proj remove-source-namespace PROJECT NAMESPACE [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_remove-source.md b/docs/user-guide/commands/argocd_proj_remove-source.md index d6a1c353059f3..b7fc972fe7b86 100644 --- a/docs/user-guide/commands/argocd_proj_remove-source.md +++ b/docs/user-guide/commands/argocd_proj_remove-source.md @@ -24,6 +24,7 @@ argocd proj remove-source PROJECT URL [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role.md b/docs/user-guide/commands/argocd_proj_role.md index 9546cc4b7ab27..bbc687932632d 100644 --- a/docs/user-guide/commands/argocd_proj_role.md +++ b/docs/user-guide/commands/argocd_proj_role.md @@ -17,6 +17,7 @@ argocd proj role [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_add-group.md b/docs/user-guide/commands/argocd_proj_role_add-group.md index 4a3aa2f1e8be1..96743b827d154 100644 --- a/docs/user-guide/commands/argocd_proj_role_add-group.md +++ b/docs/user-guide/commands/argocd_proj_role_add-group.md @@ -17,6 +17,7 @@ argocd proj role add-group PROJECT ROLE-NAME GROUP-CLAIM [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_add-policy.md b/docs/user-guide/commands/argocd_proj_role_add-policy.md index d4804d31d66a1..5d887fc190931 100644 --- a/docs/user-guide/commands/argocd_proj_role_add-policy.md +++ b/docs/user-guide/commands/argocd_proj_role_add-policy.md @@ -49,6 +49,7 @@ ID ISSUED-AT EXPIRES-AT ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_create-token.md b/docs/user-guide/commands/argocd_proj_role_create-token.md index fc7eaf93c2307..8974c2ef8abb2 100644 --- a/docs/user-guide/commands/argocd_proj_role_create-token.md +++ b/docs/user-guide/commands/argocd_proj_role_create-token.md @@ -32,6 +32,7 @@ Create token succeeded for proj:test-project:test-role. ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_create.md b/docs/user-guide/commands/argocd_proj_role_create.md index 60974c9e1b4e6..1fe6adde29267 100644 --- a/docs/user-guide/commands/argocd_proj_role_create.md +++ b/docs/user-guide/commands/argocd_proj_role_create.md @@ -25,6 +25,7 @@ argocd proj role create PROJECT ROLE-NAME [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_delete-token.md b/docs/user-guide/commands/argocd_proj_role_delete-token.md index 006746f8faeeb..f0cd71f0a84fb 100644 --- a/docs/user-guide/commands/argocd_proj_role_delete-token.md +++ b/docs/user-guide/commands/argocd_proj_role_delete-token.md @@ -49,6 +49,7 @@ $ argocd proj role delete-token test-project test-role 1696769937 ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_delete.md b/docs/user-guide/commands/argocd_proj_role_delete.md index fe94a2231db60..5140ae097497a 100644 --- a/docs/user-guide/commands/argocd_proj_role_delete.md +++ b/docs/user-guide/commands/argocd_proj_role_delete.md @@ -23,6 +23,7 @@ $ argocd proj role delete test-project test-role ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_get.md b/docs/user-guide/commands/argocd_proj_role_get.md index e21276ce85116..7eeaeb42087a6 100644 --- a/docs/user-guide/commands/argocd_proj_role_get.md +++ b/docs/user-guide/commands/argocd_proj_role_get.md @@ -32,6 +32,7 @@ ID ISSUED-AT EXPIRES-AT ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_list-tokens.md b/docs/user-guide/commands/argocd_proj_role_list-tokens.md index 8d1fe93163dfc..2bf7ab3f64c1e 100644 --- a/docs/user-guide/commands/argocd_proj_role_list-tokens.md +++ b/docs/user-guide/commands/argocd_proj_role_list-tokens.md @@ -28,6 +28,7 @@ fa9d3517-c52d-434c-9bff-215b38508842 2023-10-08T11:08:18+01:00 Never ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_list.md b/docs/user-guide/commands/argocd_proj_role_list.md index 3cfd630ddc988..bdf71af22ed30 100644 --- a/docs/user-guide/commands/argocd_proj_role_list.md +++ b/docs/user-guide/commands/argocd_proj_role_list.md @@ -28,6 +28,7 @@ argocd proj role list PROJECT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_remove-group.md b/docs/user-guide/commands/argocd_proj_role_remove-group.md index a89e0bcfae315..3b31f7c820c4f 100644 --- a/docs/user-guide/commands/argocd_proj_role_remove-group.md +++ b/docs/user-guide/commands/argocd_proj_role_remove-group.md @@ -17,6 +17,7 @@ argocd proj role remove-group PROJECT ROLE-NAME GROUP-CLAIM [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_role_remove-policy.md b/docs/user-guide/commands/argocd_proj_role_remove-policy.md index 96aee05da86eb..069d1b7dcdcb4 100644 --- a/docs/user-guide/commands/argocd_proj_role_remove-policy.md +++ b/docs/user-guide/commands/argocd_proj_role_remove-policy.md @@ -49,6 +49,7 @@ ID ISSUED-AT EXPIRES-AT ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_set.md b/docs/user-guide/commands/argocd_proj_set.md index 3dc0cc06ec787..fb11ad83b6b94 100644 --- a/docs/user-guide/commands/argocd_proj_set.md +++ b/docs/user-guide/commands/argocd_proj_set.md @@ -27,6 +27,7 @@ argocd proj set PROJECT [flags] --deny-namespaced-resource stringArray List of denied namespaced resources --description string Project description -d, --dest stringArray Permitted destination server and namespace (e.g. https://192.168.99.100:8443,default) + --dest-service-accounts stringArray Destination server, namespace and target service account (e.g. https://192.168.99.100:8443,default,default-sa) -h, --help help for set --orphaned-resources Enables orphaned resources monitoring --orphaned-resources-warn Specifies if applications should have a warning condition when orphaned resources detected @@ -38,6 +39,7 @@ argocd proj set PROJECT [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_windows.md b/docs/user-guide/commands/argocd_proj_windows.md index 0b22c2098dc82..c5b0cdfd2c9ca 100644 --- a/docs/user-guide/commands/argocd_proj_windows.md +++ b/docs/user-guide/commands/argocd_proj_windows.md @@ -34,6 +34,7 @@ argocd proj windows list ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_windows_add.md b/docs/user-guide/commands/argocd_proj_windows_add.md index 52fd3a8354ee3..9610020c3a1bd 100644 --- a/docs/user-guide/commands/argocd_proj_windows_add.md +++ b/docs/user-guide/commands/argocd_proj_windows_add.md @@ -48,6 +48,7 @@ argocd proj windows add PROJECT \ ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_windows_delete.md b/docs/user-guide/commands/argocd_proj_windows_delete.md index 6faf7dbeedc19..8ca1ad28dfd84 100644 --- a/docs/user-guide/commands/argocd_proj_windows_delete.md +++ b/docs/user-guide/commands/argocd_proj_windows_delete.md @@ -28,6 +28,7 @@ argocd proj windows delete new-project 1 ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md b/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md index 3f01015395f1b..b4bbccef0ef1f 100644 --- a/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md +++ b/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md @@ -32,6 +32,7 @@ argocd proj windows disable-manual-sync default 0 ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_windows_enable-manual-sync.md b/docs/user-guide/commands/argocd_proj_windows_enable-manual-sync.md index 7ecbb50e6ac1b..a8a2402037ca9 100644 --- a/docs/user-guide/commands/argocd_proj_windows_enable-manual-sync.md +++ b/docs/user-guide/commands/argocd_proj_windows_enable-manual-sync.md @@ -35,6 +35,7 @@ argocd proj windows enable-manual-sync my-app-project --message "Manual sync ini ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_windows_list.md b/docs/user-guide/commands/argocd_proj_windows_list.md index 3c361f90d2a68..828406438c31d 100644 --- a/docs/user-guide/commands/argocd_proj_windows_list.md +++ b/docs/user-guide/commands/argocd_proj_windows_list.md @@ -32,6 +32,7 @@ argocd proj windows list test-project ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_proj_windows_update.md b/docs/user-guide/commands/argocd_proj_windows_update.md index e01e3787d51a2..de10f76b766fa 100644 --- a/docs/user-guide/commands/argocd_proj_windows_update.md +++ b/docs/user-guide/commands/argocd_proj_windows_update.md @@ -36,6 +36,7 @@ argocd proj windows update PROJECT ID \ ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_relogin.md b/docs/user-guide/commands/argocd_relogin.md index 430ab4a9222c9..9e15447b08ec4 100644 --- a/docs/user-guide/commands/argocd_relogin.md +++ b/docs/user-guide/commands/argocd_relogin.md @@ -32,14 +32,16 @@ argocd login cd.argoproj.io --core ### Options ``` - -h, --help help for relogin - --password string The password of an account to authenticate - --sso-port int Port to run local OAuth2 login application (default 8085) + -h, --help help for relogin + --password string The password of an account to authenticate + --sso-launch-browser Automatically launch the default browser when performing SSO login (default true) + --sso-port int Port to run local OAuth2 login application (default 8085) ``` ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repo.md b/docs/user-guide/commands/argocd_repo.md index 4df85f7b00d3d..da44cd722ac1b 100644 --- a/docs/user-guide/commands/argocd_repo.md +++ b/docs/user-guide/commands/argocd_repo.md @@ -54,6 +54,7 @@ argocd repo rm https://github.com/yourusername/your-repo.git ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repo_add.md b/docs/user-guide/commands/argocd_repo_add.md index 8399d48302509..a6516d02329e0 100644 --- a/docs/user-guide/commands/argocd_repo_add.md +++ b/docs/user-guide/commands/argocd_repo_add.md @@ -64,6 +64,7 @@ argocd repo add REPOURL [flags] --insecure-ignore-host-key disables SSH strict host key checking (deprecated, use --insecure-skip-server-verification instead) --insecure-skip-server-verification disables server certificate and host key checks --name string name of the repository, mandatory for repositories of type helm + --no-proxy string don't access these targets via proxy --password string password to the repository --project string project of the repository --proxy string use proxy to access repository @@ -78,6 +79,7 @@ argocd repo add REPOURL [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repo_get.md b/docs/user-guide/commands/argocd_repo_get.md index e1d445d1068f6..d25e6ee2ff1e7 100644 --- a/docs/user-guide/commands/argocd_repo_get.md +++ b/docs/user-guide/commands/argocd_repo_get.md @@ -20,6 +20,7 @@ argocd repo get [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repo_list.md b/docs/user-guide/commands/argocd_repo_list.md index 06f1f788cb7c2..a78520696545d 100644 --- a/docs/user-guide/commands/argocd_repo_list.md +++ b/docs/user-guide/commands/argocd_repo_list.md @@ -19,6 +19,7 @@ argocd repo list [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repo_rm.md b/docs/user-guide/commands/argocd_repo_rm.md index 4e44bf0acf90b..70549f0ae09d4 100644 --- a/docs/user-guide/commands/argocd_repo_rm.md +++ b/docs/user-guide/commands/argocd_repo_rm.md @@ -18,6 +18,7 @@ argocd repo rm REPO [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repocreds.md b/docs/user-guide/commands/argocd_repocreds.md index f073b2bbb6161..0679f80aef5c5 100644 --- a/docs/user-guide/commands/argocd_repocreds.md +++ b/docs/user-guide/commands/argocd_repocreds.md @@ -49,6 +49,7 @@ argocd repocreds [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repocreds_add.md b/docs/user-guide/commands/argocd_repocreds_add.md index ce66dc49cfe8c..8adc3a919a016 100644 --- a/docs/user-guide/commands/argocd_repocreds_add.md +++ b/docs/user-guide/commands/argocd_repocreds_add.md @@ -43,6 +43,7 @@ argocd repocreds add REPOURL [flags] --github-app-private-key-path string private key of the GitHub Application -h, --help help for add --password string password to the repository + --proxy-url string If provided, this URL will be used to connect via proxy --ssh-private-key-path string path to the private ssh key (e.g. ~/.ssh/id_rsa) --tls-client-cert-key-path string path to the TLS client cert's key path (must be PEM format) --tls-client-cert-path string path to the TLS client cert (must be PEM format) @@ -54,6 +55,7 @@ argocd repocreds add REPOURL [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repocreds_list.md b/docs/user-guide/commands/argocd_repocreds_list.md index ae358afab2056..64acfe837cb6f 100644 --- a/docs/user-guide/commands/argocd_repocreds_list.md +++ b/docs/user-guide/commands/argocd_repocreds_list.md @@ -34,6 +34,7 @@ argocd repocreds list [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_repocreds_rm.md b/docs/user-guide/commands/argocd_repocreds_rm.md index 3bfee30eb40a3..96d2898fb495c 100644 --- a/docs/user-guide/commands/argocd_repocreds_rm.md +++ b/docs/user-guide/commands/argocd_repocreds_rm.md @@ -24,6 +24,7 @@ argocd repocreds rm CREDSURL [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/commands/argocd_version.md b/docs/user-guide/commands/argocd_version.md index 6a7fa7baf5ecb..5a99c1bb63daa 100644 --- a/docs/user-guide/commands/argocd_version.md +++ b/docs/user-guide/commands/argocd_version.md @@ -56,6 +56,7 @@ argocd version [flags] ### Options inherited from parent commands ``` + --argocd-context string The name of the Argo-CD server context to use --auth-token string Authentication token --client-crt string Client certificate file --client-crt-key string Client certificate key file diff --git a/docs/user-guide/diffing.md b/docs/user-guide/diffing.md index 95fe7f0ace3ac..7e5b72d97959c 100644 --- a/docs/user-guide/diffing.md +++ b/docs/user-guide/diffing.md @@ -74,7 +74,8 @@ If you have a slash `/` in your pointer path, you need to replace it with the `~ spec: ignoreDifferences: - kind: Node - jsonPointers: /metadata/labels/node-role.kubernetes.io~1worker + jsonPointers: + - /metadata/labels/node-role.kubernetes.io~1worker ``` ## System-Level Configuration diff --git a/docs/user-guide/projects.md b/docs/user-guide/projects.md index f5979cf3c47b3..d027193421d49 100644 --- a/docs/user-guide/projects.md +++ b/docs/user-guide/projects.md @@ -1,7 +1,6 @@ ## Projects -Projects provide a logical grouping of applications, which is useful when Argo CD is used by multiple -teams. Projects provide the following features: +Projects provide a logical grouping of applications, which is useful when Argo CD is used by multiple teams. Projects provide the following features: * restrict what may be deployed (trusted Git source repositories) * restrict where apps may be deployed to (destination clusters and namespaces) @@ -10,10 +9,7 @@ teams. Projects provide the following features: ### The Default Project -Every application belongs to a single project. If unspecified, an application belongs to the -`default` project, which is created automatically and by default, permits deployments from any -source repo, to any cluster, and all resource Kinds. The default project can be modified, but not -deleted. When initially created, it's specification is configured to be the most permissive: +Every application belongs to a single project. If unspecified, an application belongs to the `default` project, which is created automatically and by default, permits deployments from any source repo, to any cluster, and all resource Kinds. The default project can be modified, but not deleted. When initially created, it's specification is configured to be the most permissive: ```yaml spec: @@ -29,10 +25,7 @@ spec: ### Creating Projects -Additional projects can be created to give separate teams different levels of access to namespaces. -The following command creates a new project `myproject` which can deploy applications to namespace -`mynamespace` of cluster `https://kubernetes.default.svc`. The permitted Git source repository is -set to `https://github.com/argoproj/argocd-example-apps.git` repository. +Additional projects can be created to give separate teams different levels of access to namespaces. The following command creates a new project `myproject` which can deploy applications to namespace `mynamespace` of cluster `https://kubernetes.default.svc`. The permitted Git source repository is set to `https://github.com/argoproj/argocd-example-apps.git` repository. ```bash argocd proj create myproject -d https://kubernetes.default.svc,mynamespace -s https://github.com/argoproj/argocd-example-apps.git @@ -109,11 +102,9 @@ As with sources, a destination is considered valid if the following conditions h 1. _Any_ allow destination rule (i.e. a rule which isn't prefixed with `!`) permits the destination 2. AND *no* deny destination (i.e. a rule which is prefixed with `!`) rejects the destination -Keep in mind that `!*` is an invalid rule, since it doesn't make any sense to disallow everything. +Keep in mind that `!*` is an invalid rule, since it doesn't make any sense to disallow everything. -Permitted destination K8s resource kinds are managed with the commands. Note that namespaced-scoped -resources are restricted via a deny list, whereas cluster-scoped resources are restricted via -allow list. +Permitted destination K8s resource kinds are managed with the commands. Note that namespaced-scoped resources are restricted via a deny list, whereas cluster-scoped resources are restricted via allow list. ```bash argocd proj allow-cluster-resource @@ -124,8 +115,7 @@ argocd proj deny-namespace-resource ### Assign Application To A Project -The application project can be changed using `app set` command. In order to change the project of -an app, the user must have permissions to access the new project. +The application project can be changed using `app set` command. In order to change the project of an app, the user must have permissions to access the new project. ``` argocd app set guestbook-default --project myproject @@ -133,18 +123,39 @@ argocd app set guestbook-default --project myproject ## Project Roles -Projects include a feature called roles that enable automated access to a project's applications. -These can be used to give a CI pipeline a restricted set of permissions. For example, a CI system -may only be able to sync a single app (but not change its source or destination). +Projects include a feature called roles that can be used to determine who and what can be done applications associated with the project. As an example, it can be used to give a CI pipeline a restricted set of permissions allowing sync operations on a single app (but not change its source or destination). + +Projects can have multiple roles, and those roles can have different access granted to them. These permissions are called policies which follows the same [RBAC pattern used in Argo CD configuration](../operator-manual/rbac.md). They are stored within the role as a list of policy strings. A role's policy can only grant access to that role. Users are associated with roles based on the groups list. Consider the hypothetical AppProject definition below: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: sample-test-project +spec: + ... + roles: + - description: some-role + groups: + - some-user + name: admin + policies: + - p, proj:sample-test-project:some-role, applications, *, *, allow + ... +``` + +Argo CD will use the policies defined in the AppProject roles while authorizing users actions. To determine which role a given users is associated with, it will dynamically create groups based on the role name in runtime. The project definition above will generate the following Casbin RBAC rules: -Projects can have multiple roles, and those roles can have different access granted to them. These -permissions are called policies, and they are stored within the role as a list of policy strings. -A role's policy can only grant access to that role and are limited to applications within the role's -project. However, the policies have an option for granting wildcard access to any application -within a project. +``` + p, proj:sample-test-project:some-role, applications, *, *, allow + g, some-user, proj:sample-test-project:some-role +``` + +_Note 1_: It is very important that policy roles follow the pattern `proj::` or they won't be effective during the Argo CD authorization process. -In order to create roles in a project and add policies to a role, a user will need permission to -update a project. The following commands can be used to manage a role. +_Note 2_: The example above used `applications` as the resource for the policy definition. However other types of resources can also be used: `repositories`, `clusters`, `logs`, `exec` and `projects`. See the [RBAC documentation](../operator-manual/rbac.md) for more details about those resources. + +In order to create roles in a project and add policies to a role, a user will need permission to update a project. The following commands can be used to manage a role. ```bash argocd proj role list @@ -155,10 +166,7 @@ argocd proj role add-policy argocd proj role remove-policy ``` -Project roles in itself are not useful without generating a token to associate to that role. Argo CD -supports JWT tokens as the means to authenticate to a role. Since the JWT token is -associated with a role's policies, any changes to the role's policies will immediately take effect -for that JWT token. +Project roles in itself are not useful without generating a token to associate to that role. Argo CD supports JWT tokens as the means to authenticate to a role. Since the JWT token is associated with a role's policies, any changes to the role's policies will immediately take effect for that JWT token. The following commands are used to manage the JWT tokens. @@ -167,16 +175,9 @@ argocd proj role create-token PROJECT ROLE-NAME argocd proj role delete-token PROJECT ROLE-NAME ISSUED-AT ``` -Since the JWT tokens aren't stored in Argo CD, they can only be retrieved when they are created. A -user can leverage them in the cli by either passing them in using the `--auth-token` flag or setting -the ARGOCD_AUTH_TOKEN environment variable. The JWT tokens can be used until they expire or are -revoked. The JWT tokens can created with or without an expiration, but the default on the cli is -creates them without an expirations date. Even if a token has not expired, it cannot be used if -the token has been revoked. +Since the JWT tokens aren't stored in Argo CD, they can only be retrieved when they are created. A user can leverage them in the cli by either passing them in using the `--auth-token` flag or setting the ARGOCD_AUTH_TOKEN environment variable. The JWT tokens can be used until they expire or are revoked. The JWT tokens can created with or without an expiration, but the default on the cli is creates them without an expirations date. Even if a token has not expired, it cannot be used if the token has been revoked. -Below is an example of leveraging a JWT token to access a guestbook application. It makes the -assumption that the user already has a project named myproject and an application called -guestbook-default. +Below is an example of leveraging a JWT token to access a guestbook application. It makes the assumption that the user already has a project named myproject and an application called guestbook-default. ```bash PROJ=myproject @@ -211,8 +212,7 @@ argocd app get $APP --auth-token $JWT ## Configuring RBAC With Projects -The project Roles allows configuring RBAC rules scoped to the project. The following sample -project provides read-only permissions on project applications to any member of `my-oidc-group` group. +The project Roles allows configuring RBAC rules scoped to the project. The following sample project provides read-only permissions on project applications to any member of `my-oidc-group` group. *AppProject example:* @@ -234,12 +234,11 @@ spec: ``` You can use `argocd proj role` CLI commands or project details page in the user interface to configure the policy. -Note that each project role policy rule must be scoped to that project only. Use the `argocd-rbac-cm` ConfigMap described in -[RBAC](../operator-manual/rbac.md) documentation if you want to configure cross project RBAC rules. +Note that each project role policy rule must be scoped to that project only. Use the `argocd-rbac-cm` ConfigMap described in [RBAC](../operator-manual/rbac.md) documentation if you want to configure cross project RBAC rules. ## Configuring Global Projects (v1.8) -Global projects can be configured to provide configurations that other projects can inherit from. +Global projects can be configured to provide configurations that other projects can inherit from. Projects, which match `matchExpressions` specified in `argocd-cm` ConfigMap, inherit the following fields from the global project: @@ -271,17 +270,14 @@ projectName: `proj-global-test` should be replaced with your own global project ## Project scoped Repositories and Clusters -Normally, an Argo CD admin creates a project and decides in advance which clusters and Git repositories -it defines. However, this creates a problem in scenarios where a developer wants to add a repository or cluster -after the initial creation of the project. This forces the developer to contact their Argo CD admin again to update the project definition. +Normally, an Argo CD admin creates a project and decides in advance which clusters and Git repositories it defines. However, this creates a problem in scenarios where a developer wants to add a repository or cluster after the initial creation of the project. This forces the developer to contact their Argo CD admin again to update the project definition. It is possible to offer a self-service process for developers so that they can add a repository and/or cluster in a project on their own even after the initial creation of the project. For this purpose Argo CD supports project-scoped repositories and clusters. To begin the process, Argo CD admins must configure RBAC security to allow this self-service behavior. -For example, to allow users to add project scoped repositories and admin would have to add -the following RBAC rules: +For example, to allow users to add project scoped repositories and admin would have to add the following RBAC rules: ``` p, proj:my-project:admin, repositories, create, my-project/*, allow @@ -295,8 +291,7 @@ This provides extra flexibility so that admins can have stricter rules. e.g.: p, proj:my-project:admin, repositories, update, my-project/https://github.example.com/*, allow ``` -Once the appropriate RBAC rules are in place, developers can create their own Git repositories and (assuming -they have the correct credentials) can add them in an existing project either from the UI or the CLI. +Once the appropriate RBAC rules are in place, developers can create their own Git repositories and (assuming they have the correct credentials) can add them in an existing project either from the UI or the CLI. Both the User interface and the CLI have the ability to optionally specify a project. If a project is specified then the respective cluster/repository is considered project scoped: ```argocd repo add --name stable https://charts.helm.sh/stable --type helm --project my-project``` @@ -319,6 +314,11 @@ stringData: password: **** ``` +!!! warning +Please keep in mind when using a project-scoped repository, only applications from the same project can make use of +it. When using applicationsets with the Git generator, only non-scoped repositories can be used (i.e. repositories that +do _not_ have a `project` set). + All the examples above talk about Git repositories, but the same principles apply to clusters as well. ```yaml @@ -343,9 +343,7 @@ stringData: } ``` -With project-scoped clusters we can also restrict projects to only allow applications whose destinations belong to the -same project. The default behavior allows for applications to be installed onto clusters which are not a part of the same -project, as the example below demonstrates: +With project-scoped clusters we can also restrict projects to only allow applications whose destinations belong to the same project. The default behavior allows for applications to be installed onto clusters which are not a part of the same project, as the example below demonstrates: ```yaml apiVersion: argoproj.io/v1alpha1 @@ -360,12 +358,11 @@ spec: project: foo-project ``` -To prevent this behavior, we can set the attribute `permitOnlyProjectScopedClusters` on a project. +To prevent this behavior, we can set the attribute `permitOnlyProjectScopedClusters` on a project. ```yaml spec: permitOnlyProjectScopedClusters: true ``` -With this set, the application above would no longer be allowed to be synced to any cluster other than the ones which -are a part of the same project. +With this set, the application above would no longer be allowed to be synced to any cluster other than the ones which are a part of the same project. diff --git a/event_reporter/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go b/event_reporter/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go new file mode 100644 index 0000000000000..c50d8d217e77e --- /dev/null +++ b/event_reporter/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go @@ -0,0 +1,180 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + codecommit "github.com/aws/aws-sdk-go/service/codecommit" + + mock "github.com/stretchr/testify/mock" + + request "github.com/aws/aws-sdk-go/aws/request" +) + +// AWSCodeCommitClient is an autogenerated mock type for the AWSCodeCommitClient type +type AWSCodeCommitClient struct { + mock.Mock +} + +// GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetFolderWithContext") + } + + var r0 *codecommit.GetFolderOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) *codecommit.GetFolderOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetFolderOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithContext") + } + + var r0 *codecommit.GetRepositoryOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) *codecommit.GetRepositoryOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetRepositoryOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListBranchesWithContext") + } + + var r0 *codecommit.ListBranchesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) *codecommit.ListBranchesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListBranchesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListRepositoriesWithContext") + } + + var r0 *codecommit.ListRepositoriesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) *codecommit.ListRepositoriesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListRepositoriesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSCodeCommitClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSCodeCommitClient { + mock := &AWSCodeCommitClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/event_reporter/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go b/event_reporter/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go new file mode 100644 index 0000000000000..b5e9112df0511 --- /dev/null +++ b/event_reporter/application/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go @@ -0,0 +1,68 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + request "github.com/aws/aws-sdk-go/aws/request" + mock "github.com/stretchr/testify/mock" + + resourcegroupstaggingapi "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" +) + +// AWSTaggingClient is an autogenerated mock type for the AWSTaggingClient type +type AWSTaggingClient struct { + mock.Mock +} + +// GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetResourcesWithContext") + } + + var r0 *resourcegroupstaggingapi.GetResourcesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) *resourcegroupstaggingapi.GetResourcesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*resourcegroupstaggingapi.GetResourcesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSTaggingClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSTaggingClient { + mock := &AWSTaggingClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/event_reporter/application/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go b/event_reporter/application/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go new file mode 100644 index 0000000000000..902859672cd0e --- /dev/null +++ b/event_reporter/application/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go @@ -0,0 +1,3335 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + core "github.com/microsoft/azure-devops-go-api/azuredevops/core" + git "github.com/microsoft/azure-devops-go-api/azuredevops/git" + + io "io" + + mock "github.com/stretchr/testify/mock" + + webapi "github.com/microsoft/azure-devops-go-api/azuredevops/webapi" +) + +// Client is an autogenerated mock type for the Client type +type Client struct { + mock.Mock +} + +// CreateAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachmentArgs) (*git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAttachment") + } + + var r0 *git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) (*git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) *git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAttachmentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCommitStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitStatusArgs) (*git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCommitStatus") + } + + var r0 *git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) (*git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) *git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommitStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// CreateMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePush provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeleteAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachmentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteAttachment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteAttachmentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteComment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteCommentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git.DeletePullRequestIterationStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestIterationStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestIterationStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePullRequestLabelsArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestLabels") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestLabelsArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeletePullRequestReviewerArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestReviewer") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestReviewerArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePullRequestStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavoriteArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRefFavorite") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRefFavoriteArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepositoryArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepository") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.DeleteRepositoryFromRecycleBinArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepositoryFromRecycleBin") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryFromRecycleBinArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// GetAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmentContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs) (*[]git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachments") + } + + var r0 *[]git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) (*[]git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) *[]git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlob provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlobRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlob") + } + + var r0 *git.GitBlobRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) (*git.GitBlobRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) *git.GitBlobRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBlobRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobsZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobsZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobsZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranch") + } + + var r0 *git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) (*git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) *git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranches provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[]git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranches") + } + + var r0 *[]git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) (*[]git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) *[]git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git.GitCommitChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetChanges") + } + + var r0 *git.GitCommitChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) (*git.GitCommitChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) *git.GitCommitChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPickForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPickForRefName") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[]git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComments") + } + + var r0 *[]git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) (*[]git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) *[]git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommit provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.GitCommit, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommit") + } + + var r0 *git.GitCommit + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) (*git.GitCommit, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) *git.GitCommit); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommit) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitDiffs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitDiffs") + } + + var r0 *git.GitCommitDiffs + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) *git.GitCommitDiffs); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitDiffs) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitDiffsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitsBatch") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetDeletedRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetDeletedRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetDeletedRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequests") + } + + var r0 *[]git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) *[]git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForks provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.GitRepositoryRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForks") + } + + var r0 *[]git.GitRepositoryRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) (*[]git.GitRepositoryRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) *[]git.GitRepositoryRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepositoryRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForksArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItem provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItem") + } + + var r0 *git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) (*git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) *git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemText provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemText") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemTextArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItems provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItems") + } + + var r0 *[]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) (*[]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) *[]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) (*[][]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemsBatch") + } + + var r0 *[][]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) (*[][]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) *[][]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[][]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetLikes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi.IdentityRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetLikes") + } + + var r0 *[]webapi.IdentityRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) (*[]webapi.IdentityRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) *[]webapi.IdentityRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.IdentityRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetLikesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeBases provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeBases") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeBasesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPolicyConfigurations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPolicyConfigurations") + } + + var r0 *git.GitPolicyConfigurationResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) *git.GitPolicyConfigurationResponse); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPolicyConfigurationResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPolicyConfigurationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestById provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequestByIdArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestById") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestByIdArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestCommits") + } + + var r0 *git.GetPullRequestCommitsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) *git.GetPullRequestCommitsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetPullRequestCommitsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIteration provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIteration") + } + + var r0 *git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) *git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationChanges") + } + + var r0 *git.GitPullRequestIterationChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) *git.GitPullRequestIterationChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIterationChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterations") + } + + var r0 *[]git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) *[]git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabels") + } + + var r0 *[]core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) *[]core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestQuery provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestQuery") + } + + var r0 *git.GitPullRequestQuery + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) *git.GitPullRequestQuery); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestQuery) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestQueryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestWorkItemRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestWorkItemRefs") + } + + var r0 *[]webapi.ResourceRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) *[]webapi.ResourceRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.ResourceRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequests") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestsByProject provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestsByProject") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsByProjectArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPush provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushes") + } + + var r0 *[]git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) (*[]git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) *[]git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRecycleBinRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRecycleBinRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRecycleBinRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorites provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorites") + } + + var r0 *[]git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) *[]git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoritesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRefsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefs") + } + + var r0 *git.GetRefsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) (*git.GetRefsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) *git.GetRefsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetRefsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesArgs) (*[]git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositories") + } + + var r0 *[]git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) (*[]git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) *[]git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithParent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetRepositoryWithParentArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithParent") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryWithParentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevertForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForRefNameArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevertForRefName") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[]git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetStatuses") + } + + var r0 *[]git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) (*[]git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) *[]git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetSuggestions provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs) (*[]git.GitSuggestion, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetSuggestions") + } + + var r0 *[]git.GitSuggestion + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) (*[]git.GitSuggestion, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) *[]git.GitSuggestion); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitSuggestion) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetSuggestionsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetThreads provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetThreads") + } + + var r0 *[]git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) *[]git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetThreadsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTree provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTreeRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTree") + } + + var r0 *git.GitTreeRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) (*git.GitTreeRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) *git.GitTreeRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitTreeRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTreeZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTreeZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// QueryImportRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for QueryImportRequests") + } + + var r0 *[]git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) *[]git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.QueryImportRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// RestoreRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for RestoreRepositoryFromRecycleBin") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// SharePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequestArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for SharePullRequest") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.SharePullRequestArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 git.UpdatePullRequestIterationStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestIterationStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestIterationStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.UpdatePullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.UpdatePullRequestReviewersArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestReviewers") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestReviewersArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdatePullRequestStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateRef provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.GitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRef") + } + + var r0 *git.GitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) (*git.GitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) *git.GitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRefs") + } + + var r0 *[]git.GitRefUpdateResult + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) *[]git.GitRefUpdateResult); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefUpdateResult) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClient(t interface { + mock.TestingT + Cleanup(func()) +}) *Client { + mock := &Client{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/event_reporter/application/client.go b/event_reporter/application/client.go index 86b0b53cb952c..2fd9ae7a361e4 100644 --- a/event_reporter/application/client.go +++ b/event_reporter/application/client.go @@ -16,8 +16,6 @@ import ( repoapiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" ) -//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=ApplicationClient - type ApplicationClient interface { Get(ctx context.Context, in *appclient.ApplicationQuery, opts ...grpc.CallOption) (*v1alpha1.Application, error) @@ -62,7 +60,7 @@ func NewHttpApplicationClient(token string, address string, rootpath string) App } } -func (c *httpApplicationClient) execute(ctx context.Context, url string, result interface{}, printBody ...bool) error { +func (c *httpApplicationClient) execute(ctx context.Context, url string, result interface{}) error { req, err := http.NewRequestWithContext(ctx, "GET", url, nil) if err != nil { return err @@ -171,7 +169,7 @@ func (c *httpApplicationClient) GetResource(ctx context.Context, in *appclient.A url := fmt.Sprintf("%s/api/v1/applications/%s/resource%s", c.baseUrl, *in.Name, params) applicationResource := &appclient.ApplicationResourceResponse{} - err := c.execute(ctx, url, applicationResource, true) + err := c.execute(ctx, url, applicationResource) if err != nil { return nil, err } diff --git a/event_reporter/controller/controller.go b/event_reporter/controller/controller.go index 262f55a7a7c34..cc44f98e3f5b0 100644 --- a/event_reporter/controller/controller.go +++ b/event_reporter/controller/controller.go @@ -76,11 +76,16 @@ func (c *eventReporterController) Run(ctx context.Context) { if err != nil { return err } + installationID, err := c.settingsMgr.GetInstallationID() + if err != nil { + return err + } trackingMethod := argoutil.GetTrackingMethod(c.settingsMgr) err = c.applicationEventReporter.StreamApplicationEvents(ctx, &a, eventProcessingStartedAt, ignoreResourceCache, &reporter.ArgoTrackingMetadata{ AppInstanceLabelKey: &appInstanceLabelKey, TrackingMethod: &trackingMethod, + InstallationID: &installationID, }) if err != nil { return err diff --git a/event_reporter/reporter/app_revision.go b/event_reporter/reporter/app_revision.go index b4c68f346325f..025c82bc3b09b 100644 --- a/event_reporter/reporter/app_revision.go +++ b/event_reporter/reporter/app_revision.go @@ -63,7 +63,7 @@ func (s *applicationEventReporter) getRevisionsDetails(ctx context.Context, a *v return rms, nil } -func (s *applicationEventReporter) getApplicationRevisionsMetadata(ctx context.Context, logCtx *log.Entry, a *v1alpha1.Application) (*utils.AppSyncRevisionsMetadata, error) { +func (s *applicationEventReporter) getApplicationRevisionsMetadata(ctx context.Context, logCtx *log.Entry, a *v1alpha1.Application) (*utils.AppSyncRevisionsMetadata, error) { //nolint:golint,unparam result := &utils.AppSyncRevisionsMetadata{} if a.Status.Sync.Revision != "" || a.Status.Sync.Revisions != nil || (a.Status.History != nil && len(a.Status.History) > 0) { diff --git a/event_reporter/reporter/application_event_reporter.go b/event_reporter/reporter/application_event_reporter.go index 359f694f7af5a..2cee792148c86 100644 --- a/event_reporter/reporter/application_event_reporter.go +++ b/event_reporter/reporter/application_event_reporter.go @@ -164,7 +164,7 @@ func (s *applicationEventReporter) StreamApplicationEvents( logCtx.Info("getting parent application name") - parentAppIdentity := utils.GetParentAppIdentity(a, *argoTrackingMetadata.AppInstanceLabelKey, *argoTrackingMetadata.TrackingMethod) + parentAppIdentity := utils.GetParentAppIdentity(a, *argoTrackingMetadata.AppInstanceLabelKey, *argoTrackingMetadata.InstallationID, *argoTrackingMetadata.TrackingMethod) if utils.IsChildApp(parentAppIdentity) { logCtx.Info("processing as child application") diff --git a/event_reporter/reporter/event_payload_test.go b/event_reporter/reporter/event_payload_test.go index 87e22e7a2cb36..0069705e7260e 100644 --- a/event_reporter/reporter/event_payload_test.go +++ b/event_reporter/reporter/event_payload_test.go @@ -21,10 +21,12 @@ import ( func getMockedArgoTrackingMetadata() *ArgoTrackingMetadata { appInstanceLabelKey := common.LabelKeyAppInstance trackingMethod := argo.TrackingMethodLabel + installationID := "" return &ArgoTrackingMetadata{ AppInstanceLabelKey: &appInstanceLabelKey, TrackingMethod: &trackingMethod, + InstallationID: &installationID, } } diff --git a/event_reporter/reporter/types.go b/event_reporter/reporter/types.go index 810f26253ec1a..05c3fea4ae970 100644 --- a/event_reporter/reporter/types.go +++ b/event_reporter/reporter/types.go @@ -33,6 +33,7 @@ type ReportedEntityParentApp struct { type ArgoTrackingMetadata struct { AppInstanceLabelKey *string TrackingMethod *appv1.TrackingMethod + InstallationID *string } func (rr *ReportedResource) GetApiVersion() string { diff --git a/event_reporter/server.go b/event_reporter/server.go index 6c23dcf099d44..d25ce5a3b6ef7 100644 --- a/event_reporter/server.go +++ b/event_reporter/server.go @@ -159,7 +159,7 @@ func (a *EventReporterServer) RunController(ctx context.Context) { // newHTTPServer returns the HTTP server to serve HTTP/HTTPS requests. This is implemented // using grpc-gateway as a proxy to the gRPC server. -func (a *EventReporterServer) newHTTPServer(ctx context.Context, port int) *http.Server { +func (a *EventReporterServer) newHTTPServer(ctx context.Context, port int) *http.Server { //nolint:golint,unparam endpoint := fmt.Sprintf("localhost:%d", port) mux := http.NewServeMux() httpS := http.Server{ diff --git a/event_reporter/utils/app_instance.go b/event_reporter/utils/app_instance.go index 3f0bdfeba3906..18a0c6f46215b 100644 --- a/event_reporter/utils/app_instance.go +++ b/event_reporter/utils/app_instance.go @@ -33,11 +33,11 @@ func parseInstanceName(appNameString string) *AppIdentity { } } -func GetParentAppIdentity(a *appv1.Application, appInstanceLabelKey string, trackingMethod appv1.TrackingMethod) *AppIdentity { +func GetParentAppIdentity(a *appv1.Application, appInstanceLabelKey string, installationID string, trackingMethod appv1.TrackingMethod) *AppIdentity { resourceTracking := argo.NewResourceTracking() unApp := kube.MustToUnstructured(&a) - instanceName := resourceTracking.GetAppName(unApp, appInstanceLabelKey, trackingMethod) + instanceName := resourceTracking.GetAppName(unApp, appInstanceLabelKey, trackingMethod, installationID) if instanceNameIncludesNs(instanceName) { return parseInstanceName(instanceName) diff --git a/event_reporter/utils/app_instance_test.go b/event_reporter/utils/app_instance_test.go index a145dbca743e2..c15ea72f939ef 100644 --- a/event_reporter/utils/app_instance_test.go +++ b/event_reporter/utils/app_instance_test.go @@ -37,7 +37,7 @@ func TestGetParentAppIdentityWithinNonControllerNs(t *testing.T) { }) guestbookApp.Annotations = annotations - res := GetParentAppIdentity(&guestbookApp, common.LabelKeyAppInstance, "annotation") + res := GetParentAppIdentity(&guestbookApp, common.LabelKeyAppInstance, "", "annotation") assert.Equal(t, expectedName, res.Name) assert.Equal(t, expectedNamespace, res.Namespace) @@ -69,7 +69,7 @@ func TestGetParentAppIdentityWithinControllerNs(t *testing.T) { }) guestbookApp.Annotations = annotations - res := GetParentAppIdentity(&guestbookApp, common.LabelKeyAppInstance, "annotation") + res := GetParentAppIdentity(&guestbookApp, common.LabelKeyAppInstance, "", "annotation") assert.Equal(t, expectedName, res.Name) assert.Equal(t, expectedNamespace, res.Namespace) diff --git a/examples/dashboard.json b/examples/dashboard.json index 108ac81918ba3..b21a008456e1a 100644 --- a/examples/dashboard.json +++ b/examples/dashboard.json @@ -4014,7 +4014,7 @@ "collapsed": true, "datasource": { "type": "prometheus", - "uid": "prometheus" + "uid": "$datasource" }, "gridPos": { "h": 1, @@ -4031,7 +4031,7 @@ "dashes": false, "datasource": { "type": "prometheus", - "uid": "prometheus" + "uid": "$datasource" }, "fieldConfig": { "defaults": { @@ -4078,7 +4078,7 @@ { "datasource": { "type": "prometheus", - "uid": "prometheus" + "uid": "$datasource" }, "expr": "sum(increase(argocd_redis_request_total{namespace=~\"$namespace\"}[$interval])) by (failed)", "refId": "A" @@ -4119,7 +4119,7 @@ { "datasource": { "type": "prometheus", - "uid": "prometheus" + "uid": "$datasource" }, "refId": "A" } @@ -4426,4 +4426,4 @@ "uid": "LCAgc9rWz", "version": 2, "weekStart": "" -} \ No newline at end of file +} diff --git a/go.mod b/go.mod index ce2b2c2816fc8..7dc8ce85222b0 100644 --- a/go.mod +++ b/go.mod @@ -1,120 +1,121 @@ module github.com/argoproj/argo-cd/v2 -go 1.21.0 +go 1.22.0 require ( - code.gitea.io/sdk/gitea v0.18.0 + code.gitea.io/sdk/gitea v0.19.0 github.com/Azure/kubelogin v0.0.20 - github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible - github.com/Masterminds/semver/v3 v3.2.1 - github.com/Masterminds/sprig/v3 v3.2.3 + github.com/Masterminds/semver/v3 v3.3.0 + github.com/Masterminds/sprig/v3 v3.3.0 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d - github.com/alicebob/miniredis/v2 v2.30.4 + github.com/alicebob/miniredis/v2 v2.33.0 github.com/antonmedv/expr v1.15.2 - github.com/argoproj/gitops-engine v0.7.1-0.20240714153147-adb68bcaab73 + github.com/argoproj/gitops-engine v0.7.1-0.20240905010810-bd7681ae3f8b github.com/argoproj/notifications-engine v0.4.1-0.20240606074338-0802cd427621 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.50.8 + github.com/aws/aws-sdk-go v1.55.5 github.com/aws/smithy-go v1.19.0 - github.com/bmatcuk/doublestar/v4 v4.6.0 + github.com/bmatcuk/doublestar/v4 v4.6.1 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 - github.com/casbin/casbin/v2 v2.77.2 - github.com/cespare/xxhash/v2 v2.2.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 + github.com/casbin/casbin/v2 v2.99.0 + github.com/casbin/govaluate v1.2.0 + github.com/cespare/xxhash/v2 v2.3.0 github.com/chainguard-dev/git-urls v1.0.2 - github.com/coreos/go-oidc/v3 v3.6.0 - github.com/cyphar/filepath-securejoin v0.2.4 + github.com/coreos/go-oidc/v3 v3.11.0 + github.com/cyphar/filepath-securejoin v0.3.2 github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.9.0+incompatible - github.com/felixge/httpsnoop v1.0.3 + github.com/expr-lang/expr v1.16.9 + github.com/felixge/httpsnoop v1.0.4 github.com/fsnotify/fsnotify v1.7.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e github.com/go-git/go-git/v5 v5.12.0 github.com/go-jose/go-jose/v3 v3.0.3 - github.com/go-logr/logr v1.4.1 - github.com/go-openapi/loads v0.21.2 - github.com/go-openapi/runtime v0.26.0 - github.com/go-playground/webhooks/v6 v6.3.0 + github.com/go-logr/logr v1.4.2 + github.com/go-openapi/loads v0.22.0 + github.com/go-openapi/runtime v0.28.0 + github.com/go-playground/webhooks/v6 v6.4.0 github.com/go-redis/cache/v9 v9.0.0 github.com/gobwas/glob v0.2.3 github.com/gogits/go-gogs-client v0.0.0-20200905025246-8bb8a50cb355 github.com/gogo/protobuf v1.3.2 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/golang/protobuf v1.5.4 - github.com/google/btree v1.1.2 + github.com/google/btree v1.1.3 github.com/google/go-cmp v0.6.0 - github.com/google/go-github/v35 v35.3.0 + github.com/google/go-github/v63 v63.0.0 github.com/google/go-jsonnet v0.20.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 - github.com/google/uuid v1.3.1 - github.com/gorilla/handlers v1.5.1 - github.com/gorilla/websocket v1.5.0 - github.com/gosimple/slug v1.13.1 + github.com/google/uuid v1.6.0 + github.com/gorilla/handlers v1.5.2 + github.com/gorilla/websocket v1.5.3 + github.com/gosimple/slug v1.14.0 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.16.0 github.com/hashicorp/go-retryablehttp v0.7.7 github.com/imdario/mergo v0.3.16 github.com/improbable-eng/grpc-web v0.15.0 - github.com/itchyny/gojq v0.12.13 + github.com/itchyny/gojq v0.12.16 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 - github.com/ktrysmt/go-bitbucket v0.9.67 + github.com/ktrysmt/go-bitbucket v0.9.80 github.com/mattn/go-isatty v0.0.20 - github.com/mattn/go-zglob v0.0.4 + github.com/mattn/go-zglob v0.0.6 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 github.com/olekukonko/tablewriter v0.0.5 github.com/patrickmn/go-cache v2.1.0+incompatible - github.com/prometheus/client_golang v1.18.0 + github.com/prometheus/client_golang v1.20.3 github.com/r3labs/diff v1.1.0 - github.com/redis/go-redis/v9 v9.0.5 + github.com/redis/go-redis/v9 v9.6.1 github.com/robfig/cron/v3 v3.0.1 github.com/sethvargo/go-limiter v0.7.2 github.com/sirupsen/logrus v1.9.3 github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c github.com/soheilhy/cmux v0.1.5 - github.com/spf13/cobra v1.7.0 + github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/valyala/fasttemplate v1.2.2 - github.com/xanzy/go-gitlab v0.91.1 - github.com/yuin/gopher-lua v1.1.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 - go.opentelemetry.io/otel v1.21.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 - go.opentelemetry.io/otel/sdk v1.21.0 - golang.org/x/crypto v0.23.0 + github.com/xanzy/go-gitlab v0.109.0 + github.com/yuin/gopher-lua v1.1.1 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 + go.opentelemetry.io/otel v1.30.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.30.0 + go.opentelemetry.io/otel/sdk v1.30.0 + golang.org/x/crypto v0.27.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/net v0.25.0 - golang.org/x/oauth2 v0.12.0 - golang.org/x/sync v0.5.0 - golang.org/x/term v0.20.0 - golang.org/x/time v0.5.0 - google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d - google.golang.org/grpc v1.59.0 - google.golang.org/protobuf v1.33.0 + golang.org/x/net v0.29.0 + golang.org/x/oauth2 v0.23.0 + golang.org/x/sync v0.8.0 + golang.org/x/term v0.24.0 + golang.org/x/time v0.6.0 + google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 + google.golang.org/grpc v1.66.2 + google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.29.6 - k8s.io/apiextensions-apiserver v0.29.6 - k8s.io/apimachinery v0.29.6 - k8s.io/apiserver v0.29.6 - k8s.io/client-go v0.29.6 - k8s.io/code-generator v0.29.6 - k8s.io/klog/v2 v2.110.1 - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 - k8s.io/kubectl v0.29.6 - k8s.io/utils v0.0.0-20230726121419-3b25d923346b + k8s.io/api v0.31.0 + k8s.io/apiextensions-apiserver v0.31.2 + k8s.io/apimachinery v0.31.0 + k8s.io/apiserver v0.31.0 + k8s.io/client-go v0.31.0 + k8s.io/code-generator v0.31.0 + k8s.io/klog/v2 v2.130.1 + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 + k8s.io/kubectl v0.31.2 + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 - oras.land/oras-go/v2 v2.3.0 - sigs.k8s.io/controller-runtime v0.17.2 + oras.land/oras-go/v2 v2.5.0 + sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 sigs.k8s.io/yaml v1.4.0 ) require ( - dario.cat/mergo v1.0.0 // indirect + dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect @@ -135,36 +136,37 @@ require ( github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect github.com/davidmz/go-pageant v1.0.2 // indirect github.com/distribution/reference v0.5.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-fed/httpsig v1.1.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-github/v62 v62.0.0 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect - github.com/tidwall/gjson v1.14.4 // indirect - github.com/tidwall/match v1.1.1 // indirect - github.com/tidwall/pretty v1.2.0 // indirect + github.com/x448/float16 v0.8.4 // indirect go.opencensus.io v0.24.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect - golang.org/x/tools v0.16.1 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/text v0.18.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect google.golang.org/api v0.132.0 // indirect google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/retry.v1 v1.0.3 // indirect + k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect k8s.io/klog v1.0.0 // indirect nhooyr.io/websocket v1.8.7 // indirect ) require ( - cloud.google.com/go/compute v1.23.0 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.29 // indirect @@ -183,89 +185,87 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/cloudflare/circl v1.3.7 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect - github.com/dlclark/regexp2 v1.11.2 + github.com/dlclark/regexp2 v1.11.4 github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/camelcase v1.0.0 // indirect - github.com/fvbommel/sortorder v1.1.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.21.4 // indirect - github.com/go-openapi/errors v0.20.3 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/spec v0.20.8 // indirect - github.com/go-openapi/strfmt v0.21.7 // indirect - github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-openapi/validate v0.22.1 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/spec v0.21.0 // indirect + github.com/go-openapi/strfmt v0.23.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/validate v0.24.0 // indirect github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect - github.com/golang/glog v1.1.2 // indirect + github.com/golang/glog v1.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/go-github/v41 v41.0.0 // indirect - github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/gosimple/unidecode v1.0.1 // indirect github.com/gregdel/pushover v1.2.1 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-version v1.6.0 // indirect - github.com/huandu/xstrings v1.3.3 // indirect + github.com/huandu/xstrings v1.5.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/itchyny/timefmt-go v0.1.5 // indirect + github.com/itchyny/timefmt-go v0.1.6 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/klauspost/compress v1.16.5 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/malexdev/utfutil v0.0.0-20180510171754-00c8d4a8e7a8 // indirect - github.com/mattn/go-runewidth v0.0.14 // indirect - github.com/mitchellh/copystructure v1.0.0 // indirect + github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/mitchellh/reflectwalk v1.0.0 // indirect - github.com/moby/spdystream v0.2.0 // indirect - github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect + github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/moby/spdystream v0.4.0 // indirect + github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc4 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opsgenie/opsgenie-go-sdk-v2 v1.0.5 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_model v0.5.0 - github.com/prometheus/common v0.45.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect - github.com/rivo/uniseg v0.4.4 // indirect - github.com/rs/cors v1.9.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/prometheus/client_model v0.6.1 + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/rivo/uniseg v0.4.7 // indirect + github.com/rs/cors v1.11.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect - github.com/shopspring/decimal v1.2.0 // indirect + github.com/shopspring/decimal v1.4.0 // indirect github.com/skeema/knownhosts v1.2.2 // indirect github.com/slack-go/slack v0.12.2 // indirect - github.com/spf13/cast v1.6.0 // indirect + github.com/spf13/cast v1.7.0 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/vmihailenco/go-tinylfu v0.2.2 // indirect @@ -273,36 +273,31 @@ require ( github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.mongodb.org/mongo-driver v1.11.3 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect - go.opentelemetry.io/otel/metric v1.21.0 // indirect - go.opentelemetry.io/otel/trace v1.21.0 // indirect - go.opentelemetry.io/proto/otlp v1.0.0 // indirect + go.mongodb.org/mongo-driver v1.14.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0 // indirect + go.opentelemetry.io/otel/metric v1.30.0 // indirect + go.opentelemetry.io/otel/trace v1.30.0 // indirect + go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.uber.org/automaxprocs v1.5.3 gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect gomodules.xyz/notify v0.1.1 // indirect - google.golang.org/appengine v1.6.7 // indirect + google.golang.org/appengine v1.6.8 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - k8s.io/cli-runtime v0.29.6 // indirect - k8s.io/component-base v0.29.6 // indirect - k8s.io/component-helpers v0.29.6 // indirect - k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect - k8s.io/kube-aggregator v0.29.6 // indirect - k8s.io/kubernetes v1.29.6 // indirect + k8s.io/cli-runtime v0.31.0 // indirect + k8s.io/component-base v0.31.0 // indirect + k8s.io/component-helpers v0.31.0 // indirect + k8s.io/kube-aggregator v0.31.2 // indirect + k8s.io/kubernetes v1.31.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/api v0.17.2 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect ) replace ( - github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 => github.com/codefresh-io/gitops-engine v0.7.1-0.20231101112317-9a82c6c72832 - - // https://github.com/golang/go/issues/33546#issuecomment-519656923 - github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127 - github.com/go-telegram-bot-api/telegram-bot-api/v5 => github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf github.com/golang/protobuf => github.com/golang/protobuf v1.5.4 @@ -317,34 +312,35 @@ replace ( // Avoid CVE-2022-28948 gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 - k8s.io/api => k8s.io/api v0.29.6 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.29.6 - k8s.io/apimachinery => k8s.io/apimachinery v0.29.6 - k8s.io/apiserver => k8s.io/apiserver v0.29.6 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.29.6 - k8s.io/client-go => k8s.io/client-go v0.29.6 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.29.6 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.29.6 - k8s.io/code-generator => k8s.io/code-generator v0.29.6 - k8s.io/component-base => k8s.io/component-base v0.29.6 - k8s.io/component-helpers => k8s.io/component-helpers v0.29.6 - k8s.io/controller-manager => k8s.io/controller-manager v0.29.6 - k8s.io/cri-api => k8s.io/cri-api v0.29.6 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.29.6 - k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.29.6 - k8s.io/endpointslice => k8s.io/endpointslice v0.29.6 - k8s.io/kms => k8s.io/kms v0.29.6 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.29.6 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.29.6 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.29.6 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.29.6 - k8s.io/kubectl => k8s.io/kubectl v0.29.6 - k8s.io/kubelet => k8s.io/kubelet v0.29.6 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.29.6 - k8s.io/metrics => k8s.io/metrics v0.29.6 - k8s.io/mount-utils => k8s.io/mount-utils v0.29.6 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.29.6 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.29.6 - k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.29.6 - k8s.io/sample-controller => k8s.io/sample-controller v0.29.6 + k8s.io/api => k8s.io/api v0.31.0 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.31.0 + k8s.io/apimachinery => k8s.io/apimachinery v0.31.0 + k8s.io/apiserver => k8s.io/apiserver v0.31.0 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.31.0 + k8s.io/client-go => k8s.io/client-go v0.31.0 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.31.0 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.31.0 + k8s.io/code-generator => k8s.io/code-generator v0.31.0 + k8s.io/component-base => k8s.io/component-base v0.31.0 + k8s.io/component-helpers => k8s.io/component-helpers v0.31.0 + k8s.io/controller-manager => k8s.io/controller-manager v0.31.0 + k8s.io/cri-api => k8s.io/cri-api v0.31.0 + k8s.io/cri-client => k8s.io/cri-client v0.31.0 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.0 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.31.0 + k8s.io/endpointslice => k8s.io/endpointslice v0.31.0 + k8s.io/kms => k8s.io/kms v0.31.0 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.31.0 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.31.0 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.31.0 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.31.0 + k8s.io/kubectl => k8s.io/kubectl v0.31.0 + k8s.io/kubelet => k8s.io/kubelet v0.31.0 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.31.0 + k8s.io/metrics => k8s.io/metrics v0.31.0 + k8s.io/mount-utils => k8s.io/mount-utils v0.31.0 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.31.0 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.31.0 + k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.31.0 + k8s.io/sample-controller => k8s.io/sample-controller v0.31.0 ) diff --git a/go.sum b/go.sum index b4557335ca692..21310acc62d9b 100644 --- a/go.sum +++ b/go.sum @@ -1,609 +1,12 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= -cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= -cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U= -cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= -cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= -cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= -cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= -cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= -cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= -cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= -cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= -cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= -cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= -cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= -cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= -cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE= -cloud.google.com/go/accesscontextmanager v1.6.0/go.mod h1:8XCvZWfYw3K/ji0iVnp+6pu7huxoQTLmxAbVjbloTtM= -cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ= -cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= -cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= -cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg= -cloud.google.com/go/aiplatform v1.35.0/go.mod h1:7MFT/vCaOyZT/4IIFfxH4ErVg/4ku6lKv3w0+tFTgXQ= -cloud.google.com/go/aiplatform v1.36.1/go.mod h1:WTm12vJRPARNvJ+v6P52RDHCNe4AhvjcIZ/9/RRHy/k= -cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw= -cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= -cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= -cloud.google.com/go/analytics v0.17.0/go.mod h1:WXFa3WSym4IZ+JiKmavYdJwGG/CvpqiqczmL59bTD9M= -cloud.google.com/go/analytics v0.18.0/go.mod h1:ZkeHGQlcIPkw0R/GW+boWHhCOR43xz9RN/jn7WcqfIE= -cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE= -cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk= -cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc= -cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8= -cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc= -cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04= -cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8= -cloud.google.com/go/apigeeregistry v0.4.0/go.mod h1:EUG4PGcsZvxOXAdyEghIdXwAEi/4MEaoqLMLDMIwKXY= -cloud.google.com/go/apigeeregistry v0.5.0/go.mod h1:YR5+s0BVNZfVOUkMa5pAR2xGd0A473vA5M7j247o1wM= -cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc= -cloud.google.com/go/apikeys v0.4.0/go.mod h1:XATS/yqZbaBK0HOssf+ALHp8jAlNHUgyfprvNcBIszU= -cloud.google.com/go/apikeys v0.5.0/go.mod h1:5aQfwY4D+ewMMWScd3hm2en3hCj+BROlyrt3ytS7KLI= -cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8= -cloud.google.com/go/appengine v1.4.0/go.mod h1:CS2NhuBuDXM9f+qscZ6V86m1MIIqPj3WC/UoEuR1Sno= -cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodCWatWI9Dmak= -cloud.google.com/go/appengine v1.6.0/go.mod h1:hg6i0J/BD2cKmDJbaFSYHFyZkgBEfQrDg/X0V5fJn84= -cloud.google.com/go/appengine v1.7.0/go.mod h1:eZqpbHFCqRGa2aCdope7eC0SWLV1j0neb/QnMJVWx6A= -cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E= -cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= -cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= -cloud.google.com/go/area120 v0.7.0/go.mod h1:a3+8EUD1SX5RUcCs3MY5YasiO1z6yLiNLRiFrykbynY= -cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k= -cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= -cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= -cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0= -cloud.google.com/go/artifactregistry v1.9.0/go.mod h1:2K2RqvA2CYvAeARHRkLDhMDJ3OXy26h3XW+3/Jh2uYc= -cloud.google.com/go/artifactregistry v1.11.1/go.mod h1:lLYghw+Itq9SONbCa1YWBoWs1nOucMH0pwXN1rOBZFI= -cloud.google.com/go/artifactregistry v1.11.2/go.mod h1:nLZns771ZGAwVLzTX/7Al6R9ehma4WUEhZGWV6CeQNQ= -cloud.google.com/go/artifactregistry v1.12.0/go.mod h1:o6P3MIvtzTOnmvGagO9v/rOjjA0HmhJ+/6KAXrmYDCI= -cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08= -cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= -cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= -cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= -cloud.google.com/go/asset v1.9.0/go.mod h1:83MOE6jEJBMqFKadM9NLRcs80Gdw76qGuHn8m3h8oHQ= -cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAtZiIb0wY= -cloud.google.com/go/asset v1.11.1/go.mod h1:fSwLhbRvC9p9CXQHJ3BgFeQNM4c9x10lqlrdEUYXlJo= -cloud.google.com/go/asset v1.12.0/go.mod h1:h9/sFOa4eDIyKmH6QMpm4eUK3pDojWnUhTgJlk762Hg= -cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw= -cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= -cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= -cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= -cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= -cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= -cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= -cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= -cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= -cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= -cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM= -cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU= -cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc= -cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI= -cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= -cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE= -cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE= -cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= -cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4= -cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8= -cloud.google.com/go/beyondcorp v0.4.0/go.mod h1:3ApA0mbhHx6YImmuubf5pyW8srKnCEPON32/5hj+RmM= -cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= -cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= -cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= -cloud.google.com/go/bigquery v1.47.0/go.mod h1:sA9XOgy0A8vQK9+MWhEQTY6Tix87M/ZurWFIxmF9I/E= -cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= -cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= -cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= -cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= -cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= -cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= -cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y= -cloud.google.com/go/billing v1.12.0/go.mod h1:yKrZio/eu+okO/2McZEbch17O5CB5NpZhhXG6Z766ss= -cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc= -cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= -cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= -cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0= -cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk= -cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q= -cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg= -cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590= -cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8= -cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk= -cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk= -cloud.google.com/go/channel v1.11.0/go.mod h1:IdtI0uWGqhEeatSB62VOoJ8FSUhJ9/+iGkJVqp74CGE= -cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU= -cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U= -cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA= -cloud.google.com/go/cloudbuild v1.6.0/go.mod h1:UIbc/w9QCbH12xX+ezUsgblrWv+Cv4Tw83GiSMHOn9M= -cloud.google.com/go/cloudbuild v1.7.0/go.mod h1:zb5tWh2XI6lR9zQmsm1VRA+7OCuve5d8S+zJUul8KTg= -cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s= -cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM= -cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk= -cloud.google.com/go/clouddms v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA= -cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= -cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= -cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4= -cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI= -cloud.google.com/go/cloudtasks v1.9.0/go.mod h1:w+EyLsVkLWHcOaqNEyvcKAsWp9p29dL6uL9Nst1cI7Y= -cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs= -cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= -cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= -cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= -cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= -cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= -cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= -cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= -cloud.google.com/go/compute v1.12.0/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= -cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= -cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE= -cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= -cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= -cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= -cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= -cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= -cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= -cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY= -cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= -cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= -cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= -cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= -cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= -cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= -cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= -cloud.google.com/go/container v1.13.1/go.mod h1:6wgbMPeQRw9rSnKBCAJXnds3Pzj03C4JHamr8asWKy4= -cloud.google.com/go/container v1.14.0/go.mod h1:3AoJMPhHfLDxLvrlVWaK57IXzaPnLaZq63WX59aQBfM= -cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA= -cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= -cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= -cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI= -cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= -cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= -cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= -cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= -cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= -cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= -cloud.google.com/go/datacatalog v1.8.1/go.mod h1:RJ58z4rMp3gvETA465Vg+ag8BGgBdnRPEMMSTr5Uv+M= -cloud.google.com/go/datacatalog v1.12.0/go.mod h1:CWae8rFkfp6LzLumKOnmVh4+Zle4A3NXLzVJ1d1mRm0= -cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= -cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= -cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= -cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= -cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= -cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= -cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0= -cloud.google.com/go/dataform v0.6.0/go.mod h1:QPflImQy33e29VuapFdf19oPbE4aYTJxr31OAPV+ulA= -cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE= -cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38= -cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w= -cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8= -cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= -cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= -cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM= -cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA= -cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A= -cloud.google.com/go/dataplex v1.5.2/go.mod h1:cVMgQHsmfRoI5KFYq4JtIBEUbYwc3c7tXmIDhRmNNVQ= -cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs= -cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s= -cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI= -cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= -cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= -cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= -cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM= -cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c= -cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= -cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= -cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g= -cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4= -cloud.google.com/go/datastream v1.6.0/go.mod h1:6LQSuswqLa7S4rPAOZFVjHIG3wJIjZcZrw8JDEDJuIs= -cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww= -cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c= -cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s= -cloud.google.com/go/deploy v1.6.0/go.mod h1:f9PTHehG/DjCom3QH0cntOVRm93uGBDt2vKzAPwpXQI= -cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ= -cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= -cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= -cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= -cloud.google.com/go/dialogflow v1.18.0/go.mod h1:trO7Zu5YdyEuR+BhSNOqJezyFQ3aUzz0njv7sMx/iek= -cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFMoosgy+6Gn0s0= -cloud.google.com/go/dialogflow v1.29.0/go.mod h1:b+2bzMe+k1s9V+F2jbJwpHPzrnIyHihAdRFMtn2WXuM= -cloud.google.com/go/dialogflow v1.31.0/go.mod h1:cuoUccuL1Z+HADhyIA7dci3N5zUssgpBJmCzI6fNRB4= -cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE= -cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM= -cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q= -cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4= -cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= -cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= -cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k= -cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4= -cloud.google.com/go/documentai v1.16.0/go.mod h1:o0o0DLTEZ+YnJZ+J4wNfTxmDVyrkzFvttBXXtYRMHkM= -cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs= -cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= -cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= -cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE= -cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= -cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= -cloud.google.com/go/edgecontainer v0.3.0/go.mod h1:FLDpP4nykgwwIfcLt6zInhprzw0lEi2P1fjO6Ie0qbc= -cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY= -cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= -cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI= -cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8= -cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M= -cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc= -cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw= -cloud.google.com/go/eventarc v1.10.0/go.mod h1:u3R35tmZ9HvswGRBnF48IlYgYeBcPUCjkr4BTdem2Kw= -cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY= -cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w= -cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI= -cloud.google.com/go/filestore v1.5.0/go.mod h1:FqBXDWBp4YLHqRnVGveOkHDf8svj9r5+mUDLupOWEDs= -cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg= -cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= -cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= -cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= -cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY= -cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5UwtlpzoyquQ08= -cloud.google.com/go/functions v1.10.0/go.mod h1:0D3hEOe3DbEvCXtYOZHQZmD+SzYsi1YbI7dGvHfldXw= -cloud.google.com/go/functions v1.12.0/go.mod h1:AXWGrF3e2C/5ehvwYo/GH6O5s09tOPksiKhz+hH8WkA= -cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c= -cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= -cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= -cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w= -cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM= -cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0= -cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60= -cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo= -cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= -cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= -cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= -cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw= -cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= -cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= -cloud.google.com/go/gkehub v0.11.0/go.mod h1:JOWHlmN+GHyIbuWQPl47/C2RFhnFKH38jH9Ascu3n0E= -cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw= -cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA= -cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI= -cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y= -cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= -cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM= -cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o= -cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo= -cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= -cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= -cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= -cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= -cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= -cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= -cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= -cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= -cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= -cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= -cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= -cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= -cloud.google.com/go/iap v1.7.0/go.mod h1:beqQx56T9O1G1yNPph+spKpNibDlYIiIixiqsQXxLIo= -cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74= -cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= -cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY= -cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4= -cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs= -cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g= -cloud.google.com/go/iot v1.5.0/go.mod h1:mpz5259PDl3XJthEmh9+ap0affn/MqNSP4My77Qql9o= -cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE= -cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= -cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= -cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= -cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= -cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= -cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= -cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= -cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= -cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= -cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8= -cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY= -cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= -cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= -cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= -cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= -cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= -cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= -cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= -cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= -cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= -cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= -cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= -cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= -cloud.google.com/go/maps v0.6.0/go.mod h1:o6DAMMfb+aINHz/p/jbcY+mYeXBoZoxTfdSQ8VAJaCw= -cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY= -cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= -cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= -cloud.google.com/go/mediatranslation v0.7.0/go.mod h1:LCnB/gZr90ONOIQLgSXagp8XUW1ODs2UmUMvcgMfI2I= -cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= -cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= -cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA= -cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY= -cloud.google.com/go/memcache v1.9.0/go.mod h1:8oEyzXCu+zo9RzlEaEjHl4KkgjlNDaXbCQeQWlzNFJM= -cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= -cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= -cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8= -cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI= -cloud.google.com/go/metastore v1.10.0/go.mod h1:fPEnH3g4JJAk+gMRnrAnoqyv2lpUCqJPWOodSaf45Eo= -cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= -cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= -cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= -cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= -cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= -cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= -cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= -cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8= -cloud.google.com/go/networkconnectivity v1.10.0/go.mod h1:UP4O4sWXJG13AqrTdQCD9TnLGEbtNRqjuaaA7bNjF5E= -cloud.google.com/go/networkconnectivity v1.11.0/go.mod h1:iWmDD4QF16VCDLXUqvyspJjIEtBR/4zq5hwnY2X3scM= -cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8= -cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4= -cloud.google.com/go/networkmanagement v1.6.0/go.mod h1:5pKPqyXjB/sgtvB5xqOemumoQNB7y95Q7S+4rjSOPYY= -cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= -cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= -cloud.google.com/go/networksecurity v0.7.0/go.mod h1:mAnzoxx/8TBSyXEeESMy9OOYwo1v+gZ5eMRnsT5bC8k= -cloud.google.com/go/networksecurity v0.8.0/go.mod h1:B78DkqsxFG5zRSVuwYFRZ9Xz8IcQ5iECsNrPn74hKHU= -cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= -cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= -cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA= -cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0= -cloud.google.com/go/notebooks v1.7.0/go.mod h1:PVlaDGfJgj1fl1S3dUwhFMXFgfYGhYQt2164xOMONmE= -cloud.google.com/go/notebooks v1.8.0/go.mod h1:Lq6dYKOYOWUCTvw5t2q1gp1lAp0zxAxRycayS0iJcqQ= -cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4= -cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs= -cloud.google.com/go/optimization v1.3.1/go.mod h1:IvUSefKiwd1a5p0RgHDbWCIbDFgKuEdB+fPPuP0IDLI= -cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA= -cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk= -cloud.google.com/go/orchestration v1.6.0/go.mod h1:M62Bevp7pkxStDfFfTuCOaXgaaqRAga1yKyoMtEoWPQ= -cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE= -cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc= -cloud.google.com/go/orgpolicy v1.10.0/go.mod h1:w1fo8b7rRqlXlIJbVhOMPrwVljyuW5mqssvBtU18ONc= -cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= -cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= -cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo= -cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw= -cloud.google.com/go/osconfig v1.11.0/go.mod h1:aDICxrur2ogRd9zY5ytBLV89KEgT2MKB2L/n6x1ooPw= -cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= -cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= -cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70= -cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo= -cloud.google.com/go/oslogin v1.9.0/go.mod h1:HNavntnH8nzrn8JCTT5fj18FuJLFJc4NaZJtBnQtKFs= -cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= -cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= -cloud.google.com/go/phishingprotection v0.7.0/go.mod h1:8qJI4QKHoda/sb/7/YmMQ2omRLSLYSu9bU0EKCNI+Lk= -cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg= -cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE= -cloud.google.com/go/policytroubleshooter v1.5.0/go.mod h1:Rz1WfV+1oIpPdN2VvvuboLVRsB1Hclg3CKQ53j9l8vw= -cloud.google.com/go/policytroubleshooter v1.6.0/go.mod h1:zYqaPTsmfvpjm5ULxAyD/lINQxJ0DDsnWOP/GZ7xzBc= -cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= -cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= -cloud.google.com/go/privatecatalog v0.7.0/go.mod h1:2s5ssIFO69F5csTXcwBP7NPFTZvps26xGzvQ2PQaBYg= -cloud.google.com/go/privatecatalog v0.8.0/go.mod h1:nQ6pfaegeDAq/Q5lrfCQzQLhubPiZhSaNhIgfJlnIXs= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= -cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= -cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= -cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= -cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= -cloud.google.com/go/pubsublite v1.6.0/go.mod h1:1eFCS0U11xlOuMFV/0iBqw3zP12kddMeCbj/F3FSj9k= -cloud.google.com/go/pubsublite v1.7.0/go.mod h1:8hVMwRXfDfvGm3fahVbtDbiLePT3gpoiJYJY+vxWxVM= -cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= -cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= -cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= -cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo= -cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI5sbwx9LBg3te2N6hGvHn2mE= -cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U= -cloud.google.com/go/recaptchaenterprise/v2 v2.6.0/go.mod h1:RPauz9jeLtB3JVzg6nCbe12qNoaa8pXc4d/YukAmcnA= -cloud.google.com/go/recaptchaenterprise/v2 v2.7.0/go.mod h1:19wVj/fs5RtYtynAPJdDTb69oW0vNHYDBTbB4NvMD9c= -cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= -cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= -cloud.google.com/go/recommendationengine v0.7.0/go.mod h1:1reUcE3GIu6MeBz/h5xZJqNLuuVjNg1lmWMPyjatzac= -cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= -cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= -cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs= -cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70= -cloud.google.com/go/recommender v1.9.0/go.mod h1:PnSsnZY7q+VL1uax2JWkt/UegHssxjUVVCrX52CuEmQ= -cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= -cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= -cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA= -cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM= -cloud.google.com/go/redis v1.11.0/go.mod h1:/X6eicana+BWcUda5PpwZC48o37SiFVTFSs0fWAJ7uQ= -cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA= -cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0= -cloud.google.com/go/resourcemanager v1.5.0/go.mod h1:eQoXNAiAvCf5PXxWxXjhKQoTMaUSNrEfg+6qdf/wots= -cloud.google.com/go/resourcemanager v1.6.0/go.mod h1:YcpXGRs8fDzcUl1Xw8uOVmI8JEadvhRIkoXXUNVYcVo= -cloud.google.com/go/resourcemanager v1.7.0/go.mod h1:HlD3m6+bwhzj9XCouqmeiGuni95NTrExfhoSrkC/3EI= -cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU= -cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg= -cloud.google.com/go/resourcesettings v1.5.0/go.mod h1:+xJF7QSG6undsQDfsCJyqWXyBwUoJLhetkRMDRnIoXA= -cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= -cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= -cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc= -cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y= -cloud.google.com/go/retail v1.12.0/go.mod h1:UMkelN/0Z8XvKymXFbD4EhFJlYKRx1FGhQkVPU5kF14= -cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do= -cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo= -cloud.google.com/go/run v0.8.0/go.mod h1:VniEnuBwqjigv0A7ONfQUaEItaiCRVujlMqerPPiktM= -cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg= -cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= -cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= -cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk= -cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44= -cloud.google.com/go/scheduler v1.8.0/go.mod h1:TCET+Y5Gp1YgHT8py4nlg2Sew8nUHMqcpousDgXJVQc= -cloud.google.com/go/scheduler v1.9.0/go.mod h1:yexg5t+KSmqu+njTIh3b7oYPheFtBWGcbVUYF1GGMIc= -cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= -cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= -cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= -cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU= -cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= -cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= -cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= -cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= -cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= -cloud.google.com/go/security v1.12.0/go.mod h1:rV6EhrpbNHrrxqlvW0BWAIawFWq3X90SduMJdFwtLB8= -cloud.google.com/go/security v1.13.0/go.mod h1:Q1Nvxl1PAgmeW0y3HTt54JYIvUdtcpYKVfIB8AOMZ+0= -cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= -cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= -cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= -cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk= -cloud.google.com/go/securitycenter v1.18.1/go.mod h1:0/25gAzCM/9OL9vVx4ChPeM/+DlfGQJDwBy/UC8AKK0= -cloud.google.com/go/securitycenter v1.19.0/go.mod h1:LVLmSg8ZkkyaNy4u7HCIshAngSQ8EcIRREP3xBnyfag= -cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU= -cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s= -cloud.google.com/go/servicecontrol v1.10.0/go.mod h1:pQvyvSRh7YzUF2efw7H87V92mxU8FnFDawMClGCNuAA= -cloud.google.com/go/servicecontrol v1.11.0/go.mod h1:kFmTzYzTUIuZs0ycVqRHNaNhgR+UMUpw9n02l/pY+mc= -cloud.google.com/go/servicecontrol v1.11.1/go.mod h1:aSnNNlwEFBY+PWGQ2DoM0JJ/QUXqV5/ZD9DOLB7SnUk= -cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs= -cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg= -cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPjsRs1RlmJ4pqiNjVL4= -cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U= -cloud.google.com/go/servicedirectory v1.8.0/go.mod h1:srXodfhY1GFIPvltunswqXpVxFPpZjf8nkKQT7XcXaY= -cloud.google.com/go/servicedirectory v1.9.0/go.mod h1:29je5JjiygNYlmsGz8k6o+OZ8vd4f//bQLtvzkPPT/s= -cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco= -cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo= -cloud.google.com/go/servicemanagement v1.6.0/go.mod h1:aWns7EeeCOtGEX4OvZUWCCJONRZeFKiptqKf1D0l/Jc= -cloud.google.com/go/servicemanagement v1.8.0/go.mod h1:MSS2TDlIEQD/fzsSGfCdJItQveu9NXnUniTrq/L8LK4= -cloud.google.com/go/serviceusage v1.3.0/go.mod h1:Hya1cozXM4SeSKTAgGXgj97GlqUvF5JaoXacR1JTP/E= -cloud.google.com/go/serviceusage v1.4.0/go.mod h1:SB4yxXSaYVuUBYUml6qklyONXNLt83U0Rb+CXyhjEeU= -cloud.google.com/go/serviceusage v1.5.0/go.mod h1:w8U1JvqUqwJNPEOTQjrMHkw3IaIFLoLsPLvsE3xueec= -cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DRwPG1xtWMDeuPA= -cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4= -cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw= -cloud.google.com/go/shell v1.6.0/go.mod h1:oHO8QACS90luWgxP3N9iZVuEiSF84zNyLytb+qE2f9A= -cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= -cloud.google.com/go/spanner v1.44.0/go.mod h1:G8XIgYdOK+Fbcpbs7p2fiprDw4CaZX63whnSMLVBxjk= -cloud.google.com/go/spanner v1.45.0/go.mod h1:FIws5LowYz8YAE1J8fOS7DJup8ff7xJeetWEo5REA2M= -cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= -cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= -cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= -cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco= -cloud.google.com/go/speech v1.14.1/go.mod h1:gEosVRPJ9waG7zqqnsHpYTOoAS4KouMRLDFMekpJ0J0= -cloud.google.com/go/speech v1.15.0/go.mod h1:y6oH7GhqCaZANH7+Oe0BhgIogsNInLlz542tg3VqeYI= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= -cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= -cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= -cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= -cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= -cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= -cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= -cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4= -cloud.google.com/go/storagetransfer v1.8.0/go.mod h1:JpegsHHU1eXg7lMHkvf+KE5XDJ7EQu0GwNJbbVGanEw= -cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= -cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= -cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM= -cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA= -cloud.google.com/go/talent v1.5.0/go.mod h1:G+ODMj9bsasAEJkQSzO2uHQWXHHXUomArjWQQYkqK6c= -cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8= -cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4= -cloud.google.com/go/texttospeech v1.6.0/go.mod h1:YmwmFT8pj1aBblQOI3TfKmwibnsfvhIBzPXcW4EBovc= -cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ= -cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg= -cloud.google.com/go/tpu v1.5.0/go.mod h1:8zVo1rYDFuW2l4yZVY0R0fb/v44xLh3llq7RuV61fPM= -cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= -cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= -cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= -cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk= -cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= -cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= -cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0= -cloud.google.com/go/translate v1.6.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= -cloud.google.com/go/translate v1.7.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= -cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= -cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw= -cloud.google.com/go/video v1.12.0/go.mod h1:MLQew95eTuaNDEGriQdcYn0dTwf9oWiA4uYebxM5kdg= -cloud.google.com/go/video v1.13.0/go.mod h1:ulzkYlYgCp15N2AokzKjy7MQ9ejuynOJdf1tR5lGthk= -cloud.google.com/go/video v1.14.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= -cloud.google.com/go/video v1.15.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= -cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= -cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= -cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M= -cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU= -cloud.google.com/go/videointelligence v1.10.0/go.mod h1:LHZngX1liVtUhZvi2uNS0VQuOzNi2TkY1OakiuoUOjU= -cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= -cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= -cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= -cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb+MhPqRbPsY= -cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E= -cloud.google.com/go/vision/v2 v2.6.0/go.mod h1:158Hes0MvOS9Z/bDMSFpjwsUrZ5fPrdwuyyvKSGAGMY= -cloud.google.com/go/vision/v2 v2.7.0/go.mod h1:H89VysHy21avemp6xcf9b9JvZHVehWbET0uT/bcuY/0= -cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE= -cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g= -cloud.google.com/go/vmmigration v1.5.0/go.mod h1:E4YQ8q7/4W9gobHjQg4JJSgXXSgY21nA5r8swQV+Xxc= -cloud.google.com/go/vmmigration v1.6.0/go.mod h1:bopQ/g4z+8qXzichC7GW1w2MjbErL54rk3/C843CjfY= -cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208= -cloud.google.com/go/vmwareengine v0.2.2/go.mod h1:sKdctNJxb3KLZkE/6Oui94iw/xs9PRNC2wnNLXsHvH8= -cloud.google.com/go/vmwareengine v0.3.0/go.mod h1:wvoyMvNWdIzxMYSpH/R7y2h5h3WFkx6d+1TIsP39WGY= -cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w= -cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8= -cloud.google.com/go/vpcaccess v1.6.0/go.mod h1:wX2ILaNhe7TlVa4vC5xce1bCnqE3AeH27RV31lnmZes= -cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= -cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= -cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc= -cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A= -cloud.google.com/go/webrisk v1.8.0/go.mod h1:oJPDuamzHXgUc+b8SiHRcVInZQuybnvEW72PqTc7sSg= -cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo= -cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ= -cloud.google.com/go/websecurityscanner v1.5.0/go.mod h1:Y6xdCPy81yi0SQnDY1xdNTNpfY1oAgXUlcfN3B3eSng= -cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= -cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= -cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= -cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= -cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= -code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= -code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +code.gitea.io/sdk/gitea v0.19.0 h1:8I6s1s4RHgzxiPHhOQdgim1RWIRcr0LVMbHBjBFXq4Y= +code.gitea.io/sdk/gitea v0.19.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= -git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8= @@ -636,23 +39,19 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= -github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= -github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= +github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf h1:a7VKhbjKYPO8twGy/1AxMpM2Fp0qT7bf25fmCVMVu4s= github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf/go.mod h1:A2S0CWkNylc2phvKXWBBdD3K0iGnDBGbzRpISP2zBl8= github.com/PaesslerAG/gval v1.0.0 h1:GEKnRwkWDdf9dOmKcNrar9EA1bz1z9DqPIO1+iLzhd8= @@ -662,11 +61,8 @@ github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEs github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= github.com/PagerDuty/go-pagerduty v1.7.0 h1:S1NcMKECxT5hJwV4VT+QzeSsSiv4oWl1s2821dUqG/8= github.com/PagerDuty/go-pagerduty v1.7.0/go.mod h1:PuFyJKRz1liIAH4h5KVXVD18Obpp1ZXRdxHvmGXooro= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 h1:prBTRx78AQnXzivNT9Crhu564W/zPPr3ibSlpT9xKcE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60/go.mod h1:rjP7sIipbZcagro/6TCk6X0ZeFT2eyudH5+fve/cbBA= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= @@ -675,10 +71,6 @@ github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d h1:WtAMR0fPCOfK7 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d/go.mod h1:WML6KOYjeU8N6YyusMjj2qRvaPNUEvrQvaxuFcMRFJY= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= -github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= -github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= -github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -686,22 +78,18 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.30.4 h1:8S4/o1/KoUArAGbGwPxcwf0krlzceva2XVOSchFS7Eo= -github.com/alicebob/miniredis/v2 v2.30.4/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg= -github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/alicebob/miniredis/v2 v2.33.0 h1:uvTF0EDeu9RLnUEG27Db5I68ESoIxTiXbNUiji6lZrA= +github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQevyi/DJpoj6mi0= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antonmedv/expr v1.15.2 h1:afFXpDWIC2n3bF+kTZE1JvFo+c34uaM3sTqh8z0xfdU= github.com/antonmedv/expr v1.15.2/go.mod h1:0E/6TxnOlRNp81GMzX9QfDPAmHo2Phg00y4JUv1ihsE= -github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= -github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20240714153147-adb68bcaab73 h1:7kyTgFsPjvb6noafslp2pr7fBCS9s8OJ759LdLzrOro= -github.com/argoproj/gitops-engine v0.7.1-0.20240714153147-adb68bcaab73/go.mod h1:xMIbuLg9Qj2e0egTy+8NcukbhRaVmWwK9vm3aAQZoi4= +github.com/argoproj/gitops-engine v0.7.1-0.20240905010810-bd7681ae3f8b h1:wOPWJ5MBScQO767WpU55oUJDXObfvPL0EfAYWxogbSw= +github.com/argoproj/gitops-engine v0.7.1-0.20240905010810-bd7681ae3f8b/go.mod h1:b1vuwkyMUszyUK+USUJqC8vJijnQsEPNDpC+sDdDLtM= github.com/argoproj/notifications-engine v0.4.1-0.20240606074338-0802cd427621 h1:Yg1nt+D2uDK1SL2jSlfukA4yc7db184TTN7iWy3voRE= github.com/argoproj/notifications-engine v0.4.1-0.20240606074338-0802cd427621/go.mod h1:N0A4sEws2soZjEpY4hgZpQS8mRIEw6otzwfkgc3g9uQ= github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo= @@ -713,14 +101,13 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.50.8 h1:gY0WoOW+/Wz6XmYSgDH9ge3wnAevYDSQWPxxJvqAkP4= -github.com/aws/aws-sdk-go v1.50.8/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= @@ -759,85 +146,75 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/bmatcuk/doublestar/v4 v4.6.0 h1:HTuxyug8GyFbRkrffIpzNCSK4luc0TY3wzXvzIZhEXc= -github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= +github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I= +github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 h1:IRY7Xy588KylkoycsUhFpW7cdGpy5Y5BPsz4IfuJtGk= -github.com/bradleyfalzon/ghinstallation/v2 v2.6.0/go.mod h1:oQ3etOwN3TRH4EwgW5/7MxSVMGlMlzG/O8TU7eYdoSk= -github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= -github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w= -github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= -github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bradleyfalzon/ghinstallation/v2 v2.11.0 h1:R9d0v+iobRHSaE4wKUnXFiZp53AL4ED5MzgEMwGTZag= +github.com/bradleyfalzon/ghinstallation/v2 v2.11.0/go.mod h1:0LWKQwOHewXO/1acI6TtyE0Xc4ObDb2rFN7eHBAG71M= +github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs= +github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c= +github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA= +github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/casbin/casbin/v2 v2.77.2 h1:yQinn/w9x8AswiwqwtrXz93VU48R1aYTXdHEx4RI3jM= -github.com/casbin/casbin/v2 v2.77.2/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk= +github.com/casbin/casbin/v2 v2.99.0 h1:Y993vfRenh8Xtb4XVaK8KeYJTjD4Zn1XVewGszhzk1E= +github.com/casbin/casbin/v2 v2.99.0/go.mod h1:LO7YPez4dX3LgoTCqSQAleQDo0S0BeZBDxYnPUl95Ng= +github.com/casbin/govaluate v1.2.0 h1:wXCXFmqyY+1RwiKfYo3jMKyrtZmOL3kHwaqDyCPOYak= +github.com/casbin/govaluate v1.2.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/chainguard-dev/git-urls v1.0.2 h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ= github.com/chainguard-dev/git-urls v1.0.2/go.mod h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o= +github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs= +github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs= +github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= -github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= github.com/codeskyblue/go-sh v0.0.0-20190412065543-76bd3d59ff27/go.mod h1:VQx0hjo2oUeQkQUET7wRwradO6f+fN5jzXgB/zROxxE= -github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o= -github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc= +github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= +github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.3.2 h1:QhZu5AxQ+o1XZH0Ye05YzvJ0kAdK6VQc0z9NNMek7gc= +github.com/cyphar/filepath-securejoin v0.3.2/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= @@ -848,13 +225,11 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/dlclark/regexp2 v1.11.2 h1:/u628IuisSTwri5/UKloiIsH8+qF2Pu7xEQX+yIKg68= -github.com/dlclark/regexp2 v1.11.2/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= +github.com/dlclark/regexp2 v1.11.4 h1:rPYF9/LECdNymJufQKmri9gV604RvvABwgOA8un7yAo= +github.com/dlclark/regexp2 v1.11.4/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= @@ -872,27 +247,15 @@ github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4s github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= -github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= -github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= -github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= -github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= -github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= +github.com/expr-lang/expr v1.16.9 h1:WUAzmR0JNI9JCiF0/ewwHB1gmcGw5wW7nWt8gc6PpCI= +github.com/expr-lang/expr v1.16.9/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4= github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64= github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg= github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0= @@ -901,11 +264,9 @@ github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwo github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= -github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.2.2/go.mod h1:Qh/WofXFeiAFII1aEBu529AtJo6Zg2VHscnEsbBnJ20= @@ -915,8 +276,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw= -github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e h1:C3DkNr9pxqXqCrmRHO7s3XgZS3zpi9GEA01GuWZODfo= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e/go.mod h1:LB3osS9X2JMYmTzcCArHHLrndBAfcVLQAvUddfs+ONs= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= @@ -931,11 +292,6 @@ github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxI github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= -github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= -github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= -github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= -github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= -github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= @@ -944,17 +300,15 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= -github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= @@ -966,53 +320,38 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= -github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= -github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= -github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= -github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= -github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= -github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= -github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= -github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= -github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= -github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= -github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU= -github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= -github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= -github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= -github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= -github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= -github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= -github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= @@ -1020,8 +359,8 @@ github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD87 github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY= github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= -github.com/go-playground/webhooks/v6 v6.3.0 h1:zBLUxK1Scxwi97TmZt5j/B/rLlard2zY7P77FHg58FE= -github.com/go-playground/webhooks/v6 v6.3.0/go.mod h1:GCocmfMtpJdkEOM1uG9p2nXzg1kY5X/LtvQgtPHUaaA= +github.com/go-playground/webhooks/v6 v6.4.0 h1:KLa6y7bD19N48rxJDHM0DpE3T4grV7GxMy1b/aHMWPY= +github.com/go-playground/webhooks/v6 v6.4.0/go.mod h1:5lBxopx+cAJiBI4+kyRbuHrEi+hYRDdRHuRR4Ya5Ums= github.com/go-redis/cache/v9 v9.0.0 h1:0thdtFo0xJi0/WXbRVu8B066z8OvVymXTJGaXrVWnN0= github.com/go-redis/cache/v9 v9.0.0/go.mod h1:cMwi1N8ASBOufbIvk7cdXe2PbPjK/WMRL95FFHWsSgI= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -1029,41 +368,22 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= -github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= -github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= -github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= -github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= -github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= -github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= -github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= -github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= -github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= -github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= -github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= -github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= -github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= -github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= -github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= -github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= -github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= -github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= -github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= -github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= -github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= -github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= -github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8= +github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU= +github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= -github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo= +github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og= +github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= -github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk= +github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= github.com/gogits/go-gogs-client v0.0.0-20200905025246-8bb8a50cb355 h1:HTVNOdTWO/gHYeFnr/HwpYwY6tgMcYd+Rgf1XrHnORY= github.com/gogits/go-gogs-client v0.0.0-20200905025246-8bb8a50cb355/go.mod h1:cY2AIrMgHm6oOHmR7jY+9TtjzSjQ3iG7tURJG3Y6XH0= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= @@ -1078,41 +398,27 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= -github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= -github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= +github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4= +github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= -github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -1120,12 +426,10 @@ github.com/google/go-cmp v0.2.1-0.20190312032427-6f77996f0c42/go.mod h1:8QqcDgzr github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= @@ -1133,12 +437,12 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTLOTEyho= -github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= -github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI= -github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= +github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4= +github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4= +github.com/google/go-github/v63 v63.0.0 h1:13xwK/wk9alSokujB9lJkuzdmQuVn2QCPeck76wR3nE= +github.com/google/go-github/v63 v63.0.0/go.mod h1:IqbcrgUmIcEaioWrGYei/09o+ge5vhffGOcxrO0AfmA= github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g= github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -1148,32 +452,11 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= -github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= -github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -1182,49 +465,29 @@ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= -github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= -github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= -github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM= github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= -github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= -github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= -github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= -github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= -github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= -github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= -github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= -github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= -github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= -github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4 h1:4EZlYQIiyecYJlUbVkFXCXHz1QPhVXcHnQKAzBTPfQo= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4/go.mod h1:lEO7XoHJ/xNRBCxrn4h/CEB67h0kW1B0t4ooP2yrjUA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= -github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= +github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= +github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gosimple/slug v1.13.1 h1:bQ+kpX9Qa6tHRaK+fZR0A0M2Kd7Pa5eHPPsb1JpHD+Q= -github.com/gosimple/slug v1.13.1/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= +github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= +github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gosimple/slug v1.14.0 h1:RtTL/71mJNDfpUbCOmnf/XFkzKRtD6wL6Uy+3akm4Es= +github.com/gosimple/slug v1.14.0/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o= github.com/gosimple/unidecode v1.0.1/go.mod h1:CP0Cr1Y1kogOtx0bJblKzsVWrqYaqfNOnHzpgWw4Awc= github.com/gregdel/pushover v1.2.1 h1:IPPJCdzXz60gMqnlzS0ZAW5z5aS1gI4nU+YM0Pe+ssA= @@ -1240,10 +503,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -1276,14 +537,12 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= -github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/improbable-eng/grpc-web v0.15.0 h1:BN+7z6uNXZ1tQGcNAuaU1YjsLTApzkjt2tzCixLaUPQ= @@ -1292,10 +551,10 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= -github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= -github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= -github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= +github.com/itchyny/gojq v0.12.16 h1:yLfgLxhIr/6sJNVmYfQjTIv0jGctu6/DgDoivmxTr7g= +github.com/itchyny/gojq v0.12.16/go.mod h1:6abHbdC2uB9ogMS38XsErnfqJ94UlngIJGlRAIj4jTM= +github.com/itchyny/timefmt-go v0.1.6 h1:ia3s54iciXDdzWzwaVKXZPbiXzxxnv1SPGFfM/myJ5Q= +github.com/itchyny/timefmt-go v0.1.6/go.mod h1:RRDZYC5s9ErkjQvTvvU7keJjxUYzIISJGxm9/mAERQg= github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= @@ -1320,17 +579,11 @@ github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= -github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= github.com/k0kubun/pp v3.0.1+incompatible/go.mod h1:GWse8YhT0p8pT4ir3ZgBbfZild3tgzSScAn6HmfYukg= -github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= -github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= @@ -1338,24 +591,19 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= -github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -1364,32 +612,27 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/ktrysmt/go-bitbucket v0.9.67 h1:pFQs95TTgrwd3I9gKnas8zTYMVUOId0ZI4N0yqqMEVQ= -github.com/ktrysmt/go-bitbucket v0.9.67/go.mod h1:g4i0XvhrK5dQ+RIZAJmF0XfBvhBEn3Ibt/6YbEyXkXw= +github.com/ktrysmt/go-bitbucket v0.9.80 h1:S+vZTXKx/VG5yCaX4I3Bmwo8lxWr4ifvuHdTboHTMMc= +github.com/ktrysmt/go-bitbucket v0.9.80/go.mod h1:b8ogWEGxQMWoeFnT1ZE4aHIPGindI+9z/zAW/OVFjk0= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs= github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= +github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= +github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/lusis/go-slackbot v0.0.0-20180109053408-401027ccfef5/go.mod h1:c2mYKRyMb1BPkO5St0c/ps62L4S0W2NAkaTXj9qEI+0= github.com/lusis/slack-test v0.0.0-20190426140909-c40012f20018/go.mod h1:sFlOUpQL1YcjhFVXhg1CG8ZASEs/Mf1oVb6H75JL/zg= -github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= -github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= -github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/mailgun/mailgun-go v2.0.0+incompatible/go.mod h1:NWTyU+O4aczg/nsGhQnvHL6v2n5Gy6Sv5tNDVvC6FbU= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/malexdev/utfutil v0.0.0-20180510171754-00c8d4a8e7a8 h1:A6SLdFpRzUUF5v9F/7T1fu3DERmOCgTwwP6x54eyFfU= github.com/malexdev/utfutil v0.0.0-20180510171754-00c8d4a8e7a8/go.mod h1:UtpLyb/EupVKXF/N0b4NRe1DNg+QYJsnsHQ038romhM= -github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= -github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -1404,27 +647,22 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= -github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= -github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= +github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= +github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-zglob v0.0.6 h1:mP8RnmCgho4oaUYDIDn6GNxYk+qJGUs8fJLn+twYj2A= +github.com/mattn/go-zglob v0.0.6/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 h1:lYpkrQH5ajf0OXOcUbGjvZxxijuBwbbmlSxLiuofa+g= github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ= -github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v7 v7.0.58/go.mod h1:NUDy4A4oXPq1l2yK6LTSvCEzAMeIcoz9lcj5dbzSrRE= github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= @@ -1433,16 +671,14 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= -github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= +github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1452,7 +688,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -1471,7 +706,6 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nlopes/slack v0.5.0/go.mod h1:jVI4BBK3lSktibKahxBF74txcK2vyvkza1z/+rRnVAM= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= @@ -1508,8 +742,10 @@ github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3Ro github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= @@ -1531,14 +767,15 @@ github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+q github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= -github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= @@ -1549,21 +786,17 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/opsgenie/opsgenie-go-sdk-v2 v1.0.5 h1:AnS8ZCC5dle8P4X4FZ+IOlX9v0jAkCMiZDIzRnYwBbs= github.com/opsgenie/opsgenie-go-sdk-v2 v1.0.5/go.mod h1:f0ezb0R/mrB9Hpm5RrIS6EX3ydjsR2nAB88nYYXZcNY= +github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= -github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= -github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= @@ -1575,74 +808,69 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= +github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= +github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= -github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.3.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M= github.com/r3labs/diff v1.1.0/go.mod h1:7WjXasNzi0vJetRcB/RqNl5dlIsmXcTTLmF5IoH6Xig= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wOA69Cd2Meli5mmA= -github.com/redis/go-redis/v9 v9.0.5 h1:CuQcn5HIEeK7BgElubPP8CGtE0KakrnbBSTLjathl5o= -github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk= -github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= +github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= +github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= -github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/clock v0.0.0-20190514195947-2896927a307a h1:3QH7VyOaaiUHNrA9Se4YQIRkDTCw1EJls9xTUCaCeRM= github.com/rogpeppe/clock v0.0.0-20190514195947-2896927a307a/go.mod h1:4r5QyqhjIWCcK8DO4KMclc5Iknq5qVBAlbYYzAbUScQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.9.0 h1:l9HGsTsHJcvW14Nk7J9KFz8bzeAWXn3CG6bgt7LsrAE= -github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= +github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po= +github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= -github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -1650,12 +878,10 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sethvargo/go-limiter v0.7.2 h1:FgC4N7RMpV5gMrUdda15FaFTkQ/L4fEqM7seXMs4oO8= github.com/sethvargo/go-limiter v0.7.2/go.mod h1:C0kbSFbiriE5k2FFOe18M1YZbAR2Fiwf72uGu0CXCcU= -github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= -github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= @@ -1678,17 +904,12 @@ github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sony/sonyflake v1.0.0 h1:MpU6Ro7tfXwgn2l5eluf9xQvQJDROTBImNCfRXn/YeM= github.com/sony/sonyflake v1.0.0/go.mod h1:Jv3cfhf/UFtolOTTRd3q4Nl6ENqM+KfyZ5PseKfZGF4= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= -github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -1716,13 +937,6 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= -github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= -github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= -github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= -github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= @@ -1740,73 +954,54 @@ github.com/vmihailenco/msgpack/v5 v5.3.4 h1:qMKAwOV+meBw2Y8k9cVwAy7qErtYCwBzZ2el github.com/vmihailenco/msgpack/v5 v5.3.4/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= -github.com/xanzy/go-gitlab v0.91.1 h1:gnV57IPGYywWer32oXKBcdmc8dVxeKl3AauV8Bu17rw= -github.com/xanzy/go-gitlab v0.91.1/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= +github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= -github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= -github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= -github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/gopher-lua v1.1.0 h1:BojcDhfyDWgU2f2TOzYK/g5p2gxMrku8oupLDqlnSqE= -github.com/yuin/gopher-lua v1.1.0/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= -github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= -github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= +github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= +github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= -go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= -go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y= -go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= -go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= -go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0= -go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= -go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= -go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= -go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= -go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= -go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA= +go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= +go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0 h1:lsInsfvhVIfOI6qHVyysXMNDnjO9Npvl7tlDPJFBVd4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0/go.mod h1:KQsVNh4OjgjTG0G6EiNi1jVpnaeeKsKMRwbLN+f1+8M= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.30.0 h1:m0yTiGDLUvVYaTFbAvCkVYIYcvwKt3G7OLoN77NUs/8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.30.0/go.mod h1:wBQbT4UekBfegL2nx0Xk1vBcnzyBPsIVm9hRG4fYcr4= +go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w= +go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= +go.opentelemetry.io/otel/sdk v1.30.0 h1:cHdik6irO49R5IysVhdn8oaiR9m8XluDaJAs4DfOrYE= +go.opentelemetry.io/otel/sdk v1.30.0/go.mod h1:p14X4Ok8S+sygzblytT1nqG98QG2KYKv++HE0LY/mhg= +go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= +go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8= +go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= @@ -1825,25 +1020,17 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190422183909-d864b10871cd/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= @@ -1854,66 +1041,32 @@ golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98y golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= -golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= @@ -1922,8 +1075,10 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1935,70 +1090,35 @@ golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190607181551-461777fb6f67/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= @@ -2006,65 +1126,39 @@ golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= -golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= -golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2073,19 +1167,12 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2095,89 +1182,40 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210608053332-aa57babbf139/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2185,10 +1223,16 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= +golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2198,7 +1242,6 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= @@ -2206,17 +1249,17 @@ golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= @@ -2231,93 +1274,38 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= @@ -2325,15 +1313,17 @@ golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 h1:juzzlx91nWAOsHuOVfXZPMXHtJEKouZvY9bBbwlOeYs= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45/go.mod h1:41y72mzHT7+jFNgyBpJRrZWuZJcLmLrTpq6iGgOFJMQ= @@ -2342,315 +1332,68 @@ gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuB gomodules.xyz/notify v0.1.1 h1:1tTuoyswmPvzqPCTEDQK8SZ3ukCxLsonAAwst2+y1a0= gomodules.xyz/notify v0.1.1/go.mod h1:QgQyU4xEA/plJcDeT66J2Go2V7U4c0pD9wjo7HfFil4= gomodules.xyz/version v0.1.0/go.mod h1:Y8xuV02mL/45psyPKG3NCVOwvAOy6T5Kx0l3rCjKSjU= -gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= -gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= -gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= -gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= -gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= -gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= -google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= -google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= -google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= -google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= -google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= -google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= -google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= -google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= -google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= -google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= -google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g= -google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= -google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= -google.golang.org/api v0.95.0/go.mod h1:eADj+UBuxkh5zlrSntJghuNeg8HwQ1w5lTKkuqaETEI= -google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= -google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= -google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= -google.golang.org/api v0.99.0/go.mod h1:1YOf74vkVndF7pG6hIHuINsM7eWwpVTAfNMNiL91A08= -google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= -google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo= -google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= -google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= -google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= -google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= -google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= -google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= -google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E= -google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= -google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4= -google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= google.golang.org/api v0.132.0 h1:8t2/+qZ26kAOGSmOiHwVycqVaDg7q3JDILrNi/Z6rvc= google.golang.org/api v0.132.0/go.mod h1:AeTBC6GpJnJSRJjktDcPX0QwtS8pGYZOV6MSuSCusw0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= -google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE= -google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= -google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220829144015-23454907ede3/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220913154956-18f8339a66a5/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220914142337-ca0e39ece12f/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220915135415-7fd63a7952de/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw= -google.golang.org/genproto v0.0.0-20220926165614-551eb538f295/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= -google.golang.org/genproto v0.0.0-20220926220553-6981cbe3cfce/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= -google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqwhZAwq4wsRUaVG555sVgsNmIjRtO7t/JH29U= -google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= -google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= -google.golang.org/genproto v0.0.0-20221024153911-1573dae28c9c/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= -google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= -google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= -google.golang.org/genproto v0.0.0-20221109142239-94d6d90a7d66/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221201204527-e3fa12d562f3/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE= -google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230123190316-2c411cf9d197/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230127162408-596548ed4efa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44/go.mod h1:8B0gmkoRebU8ukX6HP+4wrVQUY1+6PkQ44BSyIlflHA= -google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488/go.mod h1:TvhZT5f700eVlTNwND1xoEZQeWTB2RY/65kplwl/bFA= -google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= -google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= -google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= -google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= -google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= -google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= -google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= -google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= -google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= -google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= -google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= -google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= +google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE= @@ -2670,111 +1413,67 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -k8s.io/api v0.29.6 h1:eDxIl8+PeEpwbe2YyS5RXJ9vdn4hnKWMBf4WUJP9DQM= -k8s.io/api v0.29.6/go.mod h1:ZuUPMhJV74DJXapldbg6upaHfiOjrBb+0ffUbBi1jaw= -k8s.io/apiextensions-apiserver v0.29.6 h1:tUu1N6Zt9GT8KVcPF5aGDqfISz1mveM4yFh7eL5bxmE= -k8s.io/apiextensions-apiserver v0.29.6/go.mod h1:iw1EbwZat08I219qrQKoFMHGo7J9KxPqMpVKxCbNbCs= -k8s.io/apimachinery v0.29.6 h1:CLjJ5b0hWW7531n/njRE3rnusw3rhVGCFftPfnG54CI= -k8s.io/apimachinery v0.29.6/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= -k8s.io/apiserver v0.29.6 h1:JxgDbpgahOgqoDOf+zVl2mI+rQcHcLQnK6YhhtsjbNs= -k8s.io/apiserver v0.29.6/go.mod h1:HrQwfPWxhwEa+n8/+5YwSF5yT2WXbeyFjqq6KEXHTX8= -k8s.io/cli-runtime v0.29.6 h1:nPbmS6ICW223S0BWTV+sK5xClWe89QB/n16/c5cJwT8= -k8s.io/cli-runtime v0.29.6/go.mod h1:5BzzwnVhtqVJvatDZmSZ6OtiSGqbdn0hKzpRbV3uf5o= -k8s.io/client-go v0.29.6 h1:5E2ebuB/p0F0THuQatyvhDvPL2SIeqwTPrtnrwKob/8= -k8s.io/client-go v0.29.6/go.mod h1:jHZcrQqDplyv20v7eu+iFM4gTpglZSZoMVcKrh8sRGg= -k8s.io/code-generator v0.29.6 h1:Z8T9VMR0mr7V5GG66c6GVAZrIiEy2uFoQwbeVeWLqPA= -k8s.io/code-generator v0.29.6/go.mod h1:7TYnI0dYItL2cKuhhgPSuF3WED9uMdELgbVXFfn/joE= -k8s.io/component-base v0.29.6 h1:XkVJI67FvBgNb/3kKqvaGKokxUrIR0RrksCPNI+JYCs= -k8s.io/component-base v0.29.6/go.mod h1:kIahZm8aw9lV8Vw17LF89REmeBrv5+QEl3v7HsrmITY= -k8s.io/component-helpers v0.29.6 h1:kG/tK0gXPXj6n3Oxn5Eul8nYzer3SejZI3ClwiWkreQ= -k8s.io/component-helpers v0.29.6/go.mod h1:Ltb44cbXci9fy9rytWwYsu8vHfi4fjyQdSwk6UlCR4E= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= +k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= +k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= +k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= +k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= +k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= +k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= +k8s.io/cli-runtime v0.31.0 h1:V2Q1gj1u3/WfhD475HBQrIYsoryg/LrhhK4RwpN+DhA= +k8s.io/cli-runtime v0.31.0/go.mod h1:vg3H94wsubuvWfSmStDbekvbla5vFGC+zLWqcf+bGDw= +k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= +k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= +k8s.io/code-generator v0.31.0 h1:w607nrMi1KeDKB3/F/J4lIoOgAwc+gV9ZKew4XRfMp8= +k8s.io/code-generator v0.31.0/go.mod h1:84y4w3es8rOJOUUP1rLsIiGlO1JuEaPFXQPA9e/K6U0= +k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs= +k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo= +k8s.io/component-helpers v0.31.0 h1:jyRUKA+GX+q19o81k4x94imjNICn+e6Gzi6T89va1/A= +k8s.io/component-helpers v0.31.0/go.mod h1:MrNIvT4iB7wXIseYSWfHUJB/aNUiFvbilp4qDfBQi6s= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.5.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-aggregator v0.29.6 h1:jZJjYF58F6kVuGC/kqLfuu7qGHqc2hoVKsDnRj26QRs= -k8s.io/kube-aggregator v0.29.6/go.mod h1:a6z0yORlXVXtGfsVB5PCjh2Soq1S7Wc6fApU6/T2eCE= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= -k8s.io/kubectl v0.29.6 h1:hmkOMyH2uSUV16gIB3Qp2dv09fM2+PGEXz5SH1gwp7Y= -k8s.io/kubectl v0.29.6/go.mod h1:IUpyXy2OCbIMuBMAisDHM9shh5/Nseij4w+HIt0aq6A= -k8s.io/kubernetes v1.29.6 h1:jn8kA/oVOAWZOeoorx6xZ4d+KgGp+Evgi90x9bEI/DE= -k8s.io/kubernetes v1.29.6/go.mod h1:28sDhcb87LX5z3GWAKYmLrhrifxi4W9bEWua4DRTIvk= -k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-aggregator v0.31.0 h1:3DqSpmqHF8rey7fY+qYXLJms0tYPhxrgWvjpnKVnS0Y= +k8s.io/kube-aggregator v0.31.0/go.mod h1:Fa+OVSpMQC7zbTTz7/QG7FXe9jZ8usuJQej5sMdCrkM= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/kubectl v0.31.0 h1:kANwAAPVY02r4U4jARP/C+Q1sssCcN/1p9Nk+7BQKVg= +k8s.io/kubectl v0.31.0/go.mod h1:pB47hhFypGsaHAPjlwrNbvhXgmuAr01ZBvAIIUaI8d4= +k8s.io/kubernetes v1.31.0 h1:sYAB12TTWexXKp4RxqJMm/7EC+P0mNOgn4Xdj5eu7HM= +k8s.io/kubernetes v1.31.0/go.mod h1:UTpGn7nxrUrPWw5hNIYTAjodcWIvLakgHpLtfrr6GC8= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 h1:RZkKxMR3jbQxdCEcglq3j7wY3PRJIopAwBlx1RE71X0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427/go.mod h1:ivKkcY8Zxw5ba0jldhZCYYQfGdb2K6u9tbYK1AwMIBc= -lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= -lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= -modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= -modernc.org/cc/v3 v3.36.2/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= -modernc.org/cc/v3 v3.36.3/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= -modernc.org/ccgo/v3 v3.0.0-20220428102840-41399a37e894/go.mod h1:eI31LL8EwEBKPpNpA4bU1/i+sKOwOrQy8D87zWUcRZc= -modernc.org/ccgo/v3 v3.0.0-20220430103911-bc99d88307be/go.mod h1:bwdAnOoaIt8Ax9YdWGjxWsdkPcZyRPHqrOvJxaKAKGw= -modernc.org/ccgo/v3 v3.16.4/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= -modernc.org/ccgo/v3 v3.16.6/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= -modernc.org/ccgo/v3 v3.16.8/go.mod h1:zNjwkizS+fIFDrDjIAgBSCLkWbJuHF+ar3QRn+Z9aws= -modernc.org/ccgo/v3 v3.16.9/go.mod h1:zNMzC9A9xeNUepy6KuZBbugn3c0Mc9TeiJO4lgvkJDo= -modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ= -modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM= -modernc.org/libc v0.0.0-20220428101251-2d5f3daf273b/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= -modernc.org/libc v1.16.0/go.mod h1:N4LD6DBE9cf+Dzf9buBlzVJndKr/iJHG97vGLHYnb5A= -modernc.org/libc v1.16.1/go.mod h1:JjJE0eu4yeK7tab2n4S1w8tlWd9MxXLRzheaRnAKymU= -modernc.org/libc v1.16.17/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU= -modernc.org/libc v1.16.19/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= -modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0= -modernc.org/libc v1.17.1/go.mod h1:FZ23b+8LjxZs7XtFMbSzL/EhPxNbfZbErxEHc7cbD9s= -modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= -modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= -modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= -modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= -modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= -modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= -modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= -modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= -modernc.org/sqlite v1.18.1/go.mod h1:6ho+Gow7oX5V+OiOQ6Tr4xeqbx13UZ6t+Fw9IRUG4d4= -modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw= -modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw= -modernc.org/tcl v1.13.1/go.mod h1:XOLfOwzhkljL4itZkK6T72ckMgvj0BDsnKNdZVUOecw= -modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= -modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= -oras.land/oras-go/v2 v2.3.0 h1:lqX1aXdN+DAmDTKjiDyvq85cIaI4RkIKp/PghWlAGIU= -oras.land/oras-go/v2 v2.3.0/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= +oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= +sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= +sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= +sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= +sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/hack/gen-resources/generators/cluster_generator.go b/hack/gen-resources/generators/cluster_generator.go index 6f125723c35ef..ff5e03e8755fe 100644 --- a/hack/gen-resources/generators/cluster_generator.go +++ b/hack/gen-resources/generators/cluster_generator.go @@ -139,7 +139,7 @@ func (cg *ClusterGenerator) getClusterCredentials(namespace string, releaseSuffi // TODO: also should provision service for vcluster pod func (cg *ClusterGenerator) installVCluster(opts *util.GenerateOpts, namespace string, releaseName string) error { - cmd, err := helm.NewCmd("/tmp", "v3", "") + cmd, err := helm.NewCmd("/tmp", "v3", "", "") if err != nil { return err } @@ -157,22 +157,22 @@ func (cg *ClusterGenerator) getClusterServerUri(namespace string, releaseSuffix return "", err } // TODO: should be moved to service instead pod - log.Printf("Get service for https://" + pod.Status.PodIP + ":8443") + log.Printf("Get service for https://%s:8443", pod.Status.PodIP) return "https://" + pod.Status.PodIP + ":8443", nil } -func (cg *ClusterGenerator) retrieveClusterUri(namespace, releaseSuffix string) (string, error) { +func (cg *ClusterGenerator) retrieveClusterUri(namespace, releaseSuffix string) string { for i := 0; i < 10; i++ { - log.Printf("Attempting to get cluster uri") + log.Print("Attempting to get cluster uri") uri, err := cg.getClusterServerUri(namespace, releaseSuffix) if err != nil { log.Printf("Failed to get cluster uri due to %s", err.Error()) time.Sleep(10 * time.Second) continue } - return uri, nil + return uri } - return "", nil + return "" } func (cg *ClusterGenerator) generate(i int, opts *util.GenerateOpts) error { @@ -208,11 +208,7 @@ func (cg *ClusterGenerator) generate(i int, opts *util.GenerateOpts) error { log.Print("Get cluster server uri") - uri, err := cg.retrieveClusterUri(namespace, releaseSuffix) - if err != nil { - return err - } - + uri := cg.retrieveClusterUri(namespace, releaseSuffix) log.Printf("Cluster server uri is %s", uri) log.Print("Create cluster") diff --git a/hack/generate-actions-list.sh b/hack/generate-actions-list.sh new file mode 100755 index 0000000000000..61b0b4c7aa5ce --- /dev/null +++ b/hack/generate-actions-list.sh @@ -0,0 +1 @@ +find resource_customizations -name action.lua | sed 's/resource_customizations\/\(.*\)\/actions\/\(.*\)\/action.lua/- [\1\/\2](https:\/\/github.com\/argoproj\/argo-cd\/blob\/master\/resource_customizations\/\1\/actions\/\2\/action.lua)/' | sort | uniq > docs/operator-manual/resource_actions_builtin.md \ No newline at end of file diff --git a/hack/generate-mock.sh b/hack/generate-mock.sh new file mode 100755 index 0000000000000..0371b156ac139 --- /dev/null +++ b/hack/generate-mock.sh @@ -0,0 +1,18 @@ +#! /usr/bin/env bash + +set -x +set -o errexit +set -o nounset +set -o pipefail + +# shellcheck disable=SC2128 +PROJECT_ROOT=$( + cd "$(dirname "${BASH_SOURCE}")"/.. + pwd +) +PATH="${PROJECT_ROOT}/dist:${PATH}" + +# output tool versions +mockery --version + +mockery --config ${PROJECT_ROOT}/.mockery.yaml \ No newline at end of file diff --git a/hack/generate-proto.sh b/hack/generate-proto.sh index fa5d7322c7f81..83f542a9d21ab 100755 --- a/hack/generate-proto.sh +++ b/hack/generate-proto.sh @@ -56,6 +56,12 @@ else protoc_include=${PROJECT_ROOT}/dist/protoc-include fi +# go-to-protobuf expects dependency proto files to be in $GOPATH/src. Copy them there. +rm -rf "${GOPATH}/src/github.com/gogo/protobuf" && mkdir -p "${GOPATH}/src/github.com/gogo" && cp -r "${PROJECT_ROOT}/vendor/github.com/gogo/protobuf" "${GOPATH}/src/github.com/gogo" +rm -rf "${GOPATH}/src/k8s.io/apimachinery" && mkdir -p "${GOPATH}/src/k8s.io" && cp -r "${PROJECT_ROOT}/vendor/k8s.io/apimachinery" "${GOPATH}/src/k8s.io" +rm -rf "${GOPATH}/src/k8s.io/api" && mkdir -p "${GOPATH}/src/k8s.io" && cp -r "${PROJECT_ROOT}/vendor/k8s.io/api" "${GOPATH}/src/k8s.io" +rm -rf "${GOPATH}/src/k8s.io/apiextensions-apiserver" && mkdir -p "${GOPATH}/src/k8s.io" && cp -r "${PROJECT_ROOT}/vendor/k8s.io/apiextensions-apiserver" "${GOPATH}/src/k8s.io" + go-to-protobuf \ --go-header-file="${PROJECT_ROOT}"/hack/custom-boilerplate.go.txt \ --packages="$( @@ -68,7 +74,10 @@ go-to-protobuf \ )" \ --proto-import="${PROJECT_ROOT}"/vendor \ --proto-import="${protoc_include}" \ - --output-base="${GOPATH}/src/" + --output-dir="${GOPATH}/src/" + +# go-to-protobuf modifies vendored code. Re-vendor code so it's available for subsequent steps. +go mod vendor # Either protoc-gen-go, protoc-gen-gofast, or protoc-gen-gogofast can be used to build # server/*/.pb.go from .proto files. golang/protobuf and gogo/protobuf can be used diff --git a/hack/installers/checksums/add-protoc-checksums.sh b/hack/installers/checksums/add-protoc-checksums.sh new file mode 100755 index 0000000000000..1c13e6cfaefdf --- /dev/null +++ b/hack/installers/checksums/add-protoc-checksums.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env sh + +# Usage: ./add-protoc-checksums.sh 27.2 # use the desired version + +set -e +for arch in aarch_64 ppcle_64 s390_64 x86_64; do + wget "https://github.com/protocolbuffers/protobuf/releases/download/v$1/protoc-$1-linux-$arch.zip" -O "protoc-$1-linux-$arch.zip" + sha256sum "protoc-$1-linux-$arch.zip" > "protoc-$1-linux-$arch.zip.sha256" + rm "protoc-$1-linux-$arch.zip" +done + +for arch in aarch_64 x86_64; do + wget "https://github.com/protocolbuffers/protobuf/releases/download/v$1/protoc-$1-osx-$arch.zip" -O "protoc-$1-osx-$arch.zip" + sha256sum "protoc-$1-osx-$arch.zip" > "protoc-$1-osx-$arch.zip.sha256" + rm "protoc-$1-osx-$arch.zip" +done \ No newline at end of file diff --git a/hack/installers/checksums/kustomize_5.4.3_darwin_amd64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.3_darwin_amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..296ad23aa6ff2 --- /dev/null +++ b/hack/installers/checksums/kustomize_5.4.3_darwin_amd64.tar.gz.sha256 @@ -0,0 +1 @@ +6a708ef727594bbb5f2b8f9f8049375a6028d57fa8897c1f9e78effde4e403a2 kustomize_5.4.3_darwin_amd64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.3_darwin_arm64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.3_darwin_arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..36c2d941fc11d --- /dev/null +++ b/hack/installers/checksums/kustomize_5.4.3_darwin_arm64.tar.gz.sha256 @@ -0,0 +1 @@ +3e159813a5feae46726fb22736b8764f2dbac83ba982c91ccd0244762456272c kustomize_5.4.3_darwin_arm64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.3_linux_amd64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.3_linux_amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..5dbbd76cb3a39 --- /dev/null +++ b/hack/installers/checksums/kustomize_5.4.3_linux_amd64.tar.gz.sha256 @@ -0,0 +1 @@ +3669470b454d865c8184d6bce78df05e977c9aea31c30df3c669317d43bcc7a7 kustomize_5.4.3_linux_amd64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.3_linux_arm64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.3_linux_arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..a825d8b1a7f48 --- /dev/null +++ b/hack/installers/checksums/kustomize_5.4.3_linux_arm64.tar.gz.sha256 @@ -0,0 +1 @@ +1b515578b0af12c15d9856720066ce2fe66756d63785b2cbccaf2885beb2381c kustomize_5.4.3_linux_arm64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.3_linux_ppc64le.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.3_linux_ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..f258e84c6579a --- /dev/null +++ b/hack/installers/checksums/kustomize_5.4.3_linux_ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +56bbb3d0f5e499410932da0b0c347ea3dcd18006a93039e0e993b5193933e721 kustomize_5.4.3_linux_ppc64le.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.3_linux_s390x.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.3_linux_s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..4b4e98494b45d --- /dev/null +++ b/hack/installers/checksums/kustomize_5.4.3_linux_s390x.tar.gz.sha256 @@ -0,0 +1 @@ +c575eba2f46c4701d1897a9b27c422d42d6381adb679435bc3e0d7c0da5abe44 kustomize_5.4.3_linux_s390x.tar.gz diff --git a/hack/installers/checksums/protoc-27.2-linux-aarch_64.zip.sha256 b/hack/installers/checksums/protoc-27.2-linux-aarch_64.zip.sha256 new file mode 100644 index 0000000000000..c5afce5689ae1 --- /dev/null +++ b/hack/installers/checksums/protoc-27.2-linux-aarch_64.zip.sha256 @@ -0,0 +1 @@ +ff4760bd4ae510d533e528cc6deb8e32e53f383f0ec01b0327233b4c2e8db314 protoc-27.2-linux-aarch_64.zip diff --git a/hack/installers/checksums/protoc-27.2-linux-ppcle_64.zip.sha256 b/hack/installers/checksums/protoc-27.2-linux-ppcle_64.zip.sha256 new file mode 100644 index 0000000000000..ca890c445cd74 --- /dev/null +++ b/hack/installers/checksums/protoc-27.2-linux-ppcle_64.zip.sha256 @@ -0,0 +1 @@ +35076bf2074eaef76a88546c09f4894dfe84c3f2d06615c14d87d97850f2d907 protoc-27.2-linux-ppcle_64.zip diff --git a/hack/installers/checksums/protoc-27.2-linux-s390_64.zip.sha256 b/hack/installers/checksums/protoc-27.2-linux-s390_64.zip.sha256 new file mode 100644 index 0000000000000..513a72876d311 --- /dev/null +++ b/hack/installers/checksums/protoc-27.2-linux-s390_64.zip.sha256 @@ -0,0 +1 @@ +4f01c22339734187dc7878507ee80346d63da3989908b716990f40876fc96f30 protoc-27.2-linux-s390_64.zip diff --git a/hack/installers/checksums/protoc-27.2-linux-x86_64.zip.sha256 b/hack/installers/checksums/protoc-27.2-linux-x86_64.zip.sha256 new file mode 100644 index 0000000000000..3e20c6886aef6 --- /dev/null +++ b/hack/installers/checksums/protoc-27.2-linux-x86_64.zip.sha256 @@ -0,0 +1 @@ +4a95e0ea2e51720af86a92f48d4997c8756923a9d0c58fd8a850657cd7479caf protoc-27.2-linux-x86_64.zip diff --git a/hack/installers/checksums/protoc-27.2-osx-aarch_64.zip.sha256 b/hack/installers/checksums/protoc-27.2-osx-aarch_64.zip.sha256 new file mode 100644 index 0000000000000..36e92d7242c85 --- /dev/null +++ b/hack/installers/checksums/protoc-27.2-osx-aarch_64.zip.sha256 @@ -0,0 +1 @@ +877de17b5d2662b96e68a6e208cb1851437ab3e2b419c2ef5b7b873ffac5357d protoc-27.2-osx-aarch_64.zip diff --git a/hack/installers/checksums/protoc-27.2-osx-x86_64.zip.sha256 b/hack/installers/checksums/protoc-27.2-osx-x86_64.zip.sha256 new file mode 100644 index 0000000000000..38b28b6e726ee --- /dev/null +++ b/hack/installers/checksums/protoc-27.2-osx-x86_64.zip.sha256 @@ -0,0 +1 @@ +abc25a236571612d45eb4b6b6e6abe3ac9aecc34b195f76f248786844f5619c7 protoc-27.2-osx-x86_64.zip diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh index 49aba99e500d3..bdb75eed0e1aa 100755 --- a/hack/installers/install-codegen-go-tools.sh +++ b/hack/installers/install-codegen-go-tools.sh @@ -52,3 +52,6 @@ go install github.com/go-swagger/go-swagger/cmd/swagger@v0.30.3 # goimports is used to auto-format generated code go install golang.org/x/tools/cmd/goimports@v0.1.8 + +# mockery is used to generate mock +go install github.com/vektra/mockery/v2@v2.43.2 \ No newline at end of file diff --git a/hack/installers/install-protoc.sh b/hack/installers/install-protoc.sh index 82d491c81c3c0..f0fb244064ef7 100755 --- a/hack/installers/install-protoc.sh +++ b/hack/installers/install-protoc.sh @@ -34,7 +34,7 @@ case $OS in ;; esac -export TARGET_FILE=protoc_${protoc_version}_${OS}_${ARCHITECTURE}.zip +export TARGET_FILE=protoc-${protoc_version}-${protoc_os}-${protoc_arch}.zip url=https://github.com/protocolbuffers/protobuf/releases/download/v${protoc_version}/protoc-${protoc_version}-${protoc_os}-${protoc_arch}.zip [ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} ${url} $(dirname $0)/compare-chksum.sh diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index d61c0e4f46b15..407a6dd14b88b 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -14,5 +14,5 @@ helm3_version=3.15.4 kubectl_version=1.17.8 kubectx_version=0.6.3 -kustomize5_version=5.4.2 -protoc_version=3.17.3 +kustomize5_version=5.4.3 +protoc_version=27.2 diff --git a/hack/update-openapi.sh b/hack/update-openapi.sh index 0250ed45b93ac..39d821b99212a 100755 --- a/hack/update-openapi.sh +++ b/hack/update-openapi.sh @@ -20,10 +20,9 @@ VERSION="v1alpha1" openapi-gen \ --go-header-file ${PROJECT_ROOT}/hack/custom-boilerplate.go.txt \ - --input-dirs github.com/argoproj/argo-cd/v2/pkg/apis/application/${VERSION} \ - --output-package github.com/argoproj/argo-cd/v2/pkg/apis/application/${VERSION} \ + --output-pkg github.com/argoproj/argo-cd/v2/pkg/apis/application/${VERSION} \ --report-filename pkg/apis/api-rules/violation_exceptions.list \ - --output-base "${GOPATH}/src" \ + --output-dir "${GOPATH}/src" \ $@ [ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}" diff --git a/hack/update-supported-versions.sh b/hack/update-supported-versions.sh old mode 100644 new mode 100755 index f4f10aa31a007..caf327a27fc26 --- a/hack/update-supported-versions.sh +++ b/hack/update-supported-versions.sh @@ -11,7 +11,11 @@ for n in 0 1 2; do minor_version_num=$((argocd_minor_version_num - n)) minor_version="${argocd_major_version_num}.${minor_version_num}" git checkout "release-$minor_version" > /dev/null || exit 1 - line=$(yq '.jobs["test-e2e"].strategy.matrix["k3s-version"][]' .github/workflows/ci-build.yaml | \ + + line=$(yq '.jobs["test-e2e"].strategy.matrix | + # k3s-version was an array prior to 2.12. This checks for the old format first and then falls back to the new format. + (.["k3s-version"] // (.k3s | map(.version))) | + .[]' .github/workflows/ci-build.yaml | \ jq --arg minor_version "$minor_version" --raw-input --slurp --raw-output \ 'split("\n")[:-1] | map(sub("\\.[0-9]+$"; "")) | join(", ") | "| \($minor_version) | \(.) |"') out+="$line\n" diff --git a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml index 815e4123d05e3..eb5d9610ecbf1 100644 --- a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml +++ b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml @@ -97,6 +97,24 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -225,6 +243,8 @@ spec: mountPath: /app/config/controller/tls - name: argocd-home mountPath: /home/argocd + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params serviceAccountName: argocd-application-controller affinity: podAntiAffinity: @@ -255,3 +275,10 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index 2219f5f9b4731..d8d24d7a1b5c8 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -100,6 +100,24 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -234,6 +252,8 @@ spec: mountPath: /app/config/controller/tls - name: argocd-home mountPath: /home/argocd + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params serviceAccountName: argocd-application-controller affinity: podAntiAffinity: @@ -264,3 +284,10 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled \ No newline at end of file diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index 7158cc456e986..e74840bd80c0b 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -158,6 +158,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.webhook.parallelism.limit + optional: true volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts diff --git a/manifests/base/dex/argocd-dex-server-deployment.yaml b/manifests/base/dex/argocd-dex-server-deployment.yaml index 7ff5985f44a90..f2d77c6ac1f6a 100644 --- a/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,10 +37,22 @@ spec: type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.38.0 + image: ghcr.io/dexidp/dex:v2.41.1 imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml index 10fc04346acaa..5c39f6d8266fe 100644 --- a/manifests/base/kustomization.yaml +++ b/manifests/base/kustomization.yaml @@ -13,5 +13,5 @@ resources: - ./server - ./config - ./redis +- ./notification - ./applicationset-controller -- ./event-reporter diff --git a/manifests/base/notification/argocd-notifications-controller-deployment.yaml b/manifests/base/notification/argocd-notifications-controller-deployment.yaml index 876a207c16e42..b13acf718f93c 100644 --- a/manifests/base/notification/argocd-notifications-controller-deployment.yaml +++ b/manifests/base/notification/argocd-notifications-controller-deployment.yaml @@ -60,6 +60,12 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true workingDir: /app livenessProbe: tcpSocket: diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml index 0116a6e6771e8..c591db0d0aa4a 100644 --- a/manifests/base/redis/argocd-redis-deployment.yaml +++ b/manifests/base/redis/argocd-redis-deployment.yaml @@ -40,7 +40,7 @@ spec: serviceAccountName: argocd-redis containers: - name: redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: Always args: - "--save" diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index d37570d26c198..56b479fdcfd44 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -17,331 +17,371 @@ spec: spec: serviceAccountName: argocd-server containers: - - name: argocd-server - image: quay.io/argoproj/argocd:latest - imagePullPolicy: Always - command: [argocd-server] - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - key: auth - name: argocd-redis - - name: ARGOCD_SERVER_INSECURE - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.insecure - optional: true - - name: ARGOCD_SERVER_BASEHREF - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.basehref - optional: true - - name: ARGOCD_SERVER_ROOTPATH - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.rootpath - optional: true - - name: ARGOCD_SERVER_LOGFORMAT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.log.format - optional: true - - name: ARGOCD_SERVER_LOG_LEVEL - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.log.level - optional: true - - name: ARGOCD_SERVER_REPO_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: repo.server - optional: true - - name: ARGOCD_SERVER_DEX_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.dex.server - optional: true - - name: ARGOCD_SERVER_DISABLE_AUTH - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.disable.auth - optional: true - - name: ARGOCD_SERVER_ENABLE_GZIP - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.enable.gzip - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.repo.server.timeout.seconds - optional: true - - name: ARGOCD_SERVER_X_FRAME_OPTIONS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.x.frame.options - optional: true - - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.content.security.policy - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.repo.server.plaintext - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.repo.server.strict.tls - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.dex.server.plaintext - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.dex.server.strict.tls - optional: true - - name: ARGOCD_TLS_MIN_VERSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.tls.minversion - optional: true - - name: ARGOCD_TLS_MAX_VERSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.tls.maxversion - optional: true - - name: ARGOCD_TLS_CIPHERS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.tls.ciphers - optional: true - - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.connection.status.cache.expiration - optional: true - - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.oidc.cache.expiration - optional: true - - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.login.attempts.expiration - optional: true - - name: ARGOCD_SERVER_STATIC_ASSETS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.staticassets - optional: true - - name: ARGOCD_APP_STATE_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.app.state.cache.expiration - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.compression - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.db - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.default.cache.expiration - optional: true - - name: ARGOCD_MAX_COOKIE_NUMBER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.http.cookie.maxnumber - optional: true - - name: ARGOCD_SERVER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.listen.address - optional: true - - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.metrics.listen.address - optional: true - - name: ARGOCD_SERVER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: otlp.address - optional: true - - name: ARGOCD_SERVER_OTLP_INSECURE - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: otlp.insecure - optional: true - - name: ARGOCD_SERVER_OTLP_HEADERS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: otlp.headers - optional: true - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: application.namespaces - optional: true - - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.enable.proxy.extension - optional: true - - name: ARGOCD_K8SCLIENT_RETRY_MAX - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.k8sclient.retry.max - optional: true - - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.k8sclient.retry.base.backoff - optional: true - - name: ARGOCD_API_CONTENT_TYPES - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.api.content.types - optional: true - volumeMounts: + - name: argocd-server + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + args: + - /usr/local/bin/argocd-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.insecure + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.basehref + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.rootpath + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.format + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.level + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.disable.auth + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.gzip + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.timeout.seconds + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.x.frame.options + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.content.security.policy + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.plaintext + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.strict.tls + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.plaintext + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.strict.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.ciphers + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.connection.status.cache.expiration + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.oidc.cache.expiration + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.login.attempts.expiration + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.staticassets + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.default.cache.expiration + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.http.cookie.maxnumber + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.proxy.extension + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + volumeMounts: + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: argocd-repo-server-tls + mountPath: /app/config/server/tls + - name: argocd-dex-server-tls + mountPath: /app/config/dex/tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /tmp + name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + ports: + - containerPort: 8080 + - containerPort: 8083 + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumes: + - emptyDir: {} + name: plugins-home + - emptyDir: {} + name: tmp - name: ssh-known-hosts - mountPath: /app/config/ssh + configMap: + name: argocd-ssh-known-hosts-cm - name: tls-certs - mountPath: /app/config/tls + configMap: + name: argocd-tls-certs-cm - name: argocd-repo-server-tls - mountPath: /app/config/server/tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt - name: argocd-dex-server-tls - mountPath: /app/config/dex/tls - - mountPath: /home/argocd - name: plugins-home - - mountPath: /tmp - name: tmp - ports: - - containerPort: 8080 - - containerPort: 8083 - livenessProbe: - httpGet: - path: /healthz?full=true - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - volumes: - - emptyDir: {} - name: plugins-home - - emptyDir: {} - name: tmp - - name: ssh-known-hosts - configMap: - name: argocd-ssh-known-hosts-cm - - name: tls-certs - configMap: - name: argocd-tls-certs-cm - - name: argocd-repo-server-tls - secret: - secretName: argocd-repo-server-tls - optional: true - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - - name: argocd-dex-server-tls - secret: - secretName: argocd-dex-server-tls - optional: true - items: - - key: tls.crt - path: tls.crt - - key: ca.crt - path: ca.crt + secret: + secretName: argocd-dex-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - topologyKey: kubernetes.io/hostname - - weight: 5 - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: kubernetes.io/hostname + - weight: 5 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 27c98a42c948d..10157ce65142a 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -115,6 +115,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -240,6 +245,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -261,6 +273,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -318,6 +340,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -361,6 +390,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -580,6 +614,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -601,6 +642,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -659,6 +710,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -704,6 +762,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1039,6 +1102,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1060,6 +1130,15 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation @@ -1116,6 +1195,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1158,6 +1244,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1370,6 +1461,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1391,6 +1489,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -1448,6 +1556,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1491,6 +1606,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1866,6 +1986,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1887,6 +2014,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -1945,6 +2082,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1990,6 +2134,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2208,6 +2357,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2230,6 +2386,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -2290,6 +2456,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2336,6 +2509,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2568,6 +2746,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -2700,6 +2883,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2724,6 +2914,16 @@ spec: not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -2786,6 +2986,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2833,6 +3040,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors @@ -3062,6 +3274,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3086,6 +3305,16 @@ spec: do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3150,6 +3379,13 @@ spec: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3198,6 +3434,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3547,6 +3788,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3569,6 +3817,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -3629,6 +3887,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3675,6 +3940,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3900,6 +4170,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3924,6 +4201,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3986,6 +4273,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4033,6 +4327,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4405,6 +4704,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4427,6 +4733,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -4487,6 +4803,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4533,6 +4856,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4758,6 +5086,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4782,6 +5117,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -4844,6 +5189,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4891,6 +5243,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -5119,11 +5476,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5261,6 +5620,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5272,6 +5635,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5303,6 +5670,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5327,6 +5698,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5479,6 +5852,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5490,6 +5867,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5521,6 +5902,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5545,6 +5930,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5720,11 +6107,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5857,6 +6246,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5868,6 +6261,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5899,6 +6296,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5923,6 +6324,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6075,6 +6478,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6086,6 +6493,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6117,6 +6528,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6141,6 +6556,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6456,6 +6873,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6467,6 +6888,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6498,6 +6923,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6522,6 +6951,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6674,6 +7105,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6685,6 +7120,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6716,6 +7155,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6740,6 +7183,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7035,6 +7480,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7046,6 +7495,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7077,6 +7530,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7101,6 +7558,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7253,6 +7712,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7264,6 +7727,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7295,6 +7762,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7319,6 +7790,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7495,11 +7968,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7637,6 +8112,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7648,6 +8127,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7679,8 +8162,12 @@ spec: type: object kustomize: properties: - commonAnnotations: - additionalProperties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: type: string type: object commonAnnotationsEnvsubst: @@ -7703,6 +8190,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7855,6 +8344,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7866,6 +8359,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7897,6 +8394,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7921,6 +8422,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8096,11 +8599,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8233,6 +8738,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8244,6 +8753,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8275,6 +8788,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8299,6 +8816,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8451,6 +8970,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8462,6 +8985,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8493,6 +9020,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8517,6 +9048,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8832,6 +9365,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8843,6 +9380,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8874,6 +9415,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8898,6 +9443,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9050,6 +9597,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9061,6 +9612,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9092,6 +9647,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9116,6 +9675,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9411,6 +9972,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9422,6 +9987,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9453,6 +10022,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9477,6 +10050,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9629,6 +10204,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9640,6 +10219,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9671,6 +10254,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9695,6 +10282,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9998,6 +10587,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10009,6 +10602,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10040,6 +10637,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10064,6 +10665,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10216,6 +10819,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10227,6 +10834,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10258,6 +10869,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10282,6 +10897,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10540,6 +11157,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -10615,6 +11259,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -10767,6 +11421,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10778,6 +11436,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10809,6 +11471,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10833,6 +11499,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10985,6 +11653,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10996,6 +11668,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11027,6 +11703,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11051,6 +11731,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11299,6 +11981,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -11379,6 +12088,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -11531,6 +12250,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11542,6 +12265,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11573,6 +12300,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11597,6 +12328,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11749,6 +12482,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11760,6 +12497,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11791,6 +12532,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11815,6 +12560,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11986,11 +12733,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12125,6 +12874,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12136,6 +12889,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12167,6 +12924,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12191,6 +12952,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12343,6 +13106,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12354,6 +13121,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12385,6 +13156,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12409,6 +13184,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12587,11 +13364,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12729,6 +13508,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12740,6 +13523,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12771,6 +13558,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12795,6 +13586,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12947,6 +13740,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12958,6 +13755,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12989,6 +13790,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13013,6 +13818,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13188,11 +13995,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -13325,6 +14134,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13336,6 +14149,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13367,6 +14184,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13391,6 +14212,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13543,6 +14366,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13554,6 +14381,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13585,6 +14416,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13609,6 +14444,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13924,6 +14761,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13935,6 +14776,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13966,6 +14811,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13990,6 +14839,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14142,6 +14993,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14153,6 +15008,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14184,6 +15043,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14208,6 +15071,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14503,6 +15368,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14514,6 +15383,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14545,6 +15418,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14569,6 +15446,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14721,6 +15600,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14732,6 +15615,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14763,6 +15650,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14787,6 +15678,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15090,6 +15983,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15101,6 +15998,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15132,6 +16033,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15156,6 +16061,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15308,6 +16215,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15319,6 +16230,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15350,6 +16265,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15374,6 +16293,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15632,6 +16553,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -15707,6 +16655,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -15859,6 +16817,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15870,6 +16832,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15901,6 +16867,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15925,6 +16895,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16077,6 +17049,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16088,6 +17064,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16119,6 +17099,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16143,6 +17127,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16391,6 +17377,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -16471,6 +17484,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -16623,6 +17646,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16634,6 +17661,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16665,6 +17696,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16689,6 +17724,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16841,6 +17878,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16852,6 +17893,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16883,6 +17928,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16907,6 +17956,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17078,11 +18129,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17221,6 +18274,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17232,6 +18289,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17263,6 +18324,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17287,6 +18352,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17439,6 +18506,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17450,6 +18521,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17481,6 +18556,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17505,6 +18584,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17807,6 +18888,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17818,6 +18903,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17849,6 +18938,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17873,6 +18966,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18025,6 +19120,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18036,6 +19135,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18067,6 +19170,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -18091,6 +19198,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18349,6 +19458,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -18424,6 +19560,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -18576,6 +19722,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18587,6 +19737,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18618,6 +19772,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -18642,6 +19800,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18794,6 +19954,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18805,6 +19969,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18836,6 +20004,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -18860,6 +20032,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19108,6 +20282,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -19188,6 +20389,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -19340,6 +20551,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -19351,6 +20566,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -19382,6 +20601,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -19406,6 +20629,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19558,6 +20783,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -19569,6 +20798,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -19600,6 +20833,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -19624,6 +20861,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19795,11 +21034,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20009,6 +21250,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -20020,6 +21265,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -20051,6 +21300,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -20075,6 +21328,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -20227,6 +21482,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -20238,6 +21497,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -20269,6 +21532,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -20293,6 +21560,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -20629,6 +21898,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment @@ -21434,6 +22729,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/applicationset:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -21527,7 +22828,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: Always name: redis ports: @@ -22011,6 +23312,24 @@ spec: key: controller.self.heal.timeout.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -22144,6 +23463,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm workingDir: /home/argocd serviceAccountName: argocd-application-controller volumes: @@ -22160,6 +23481,13 @@ spec: path: ca.crt optional: true secretName: argocd-repo-server-tls + - configMap: + items: + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index 47bd3cdb419fc..ce2d1ad31c7eb 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -114,6 +114,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -239,6 +244,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -260,6 +272,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -317,6 +339,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -360,6 +389,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -579,6 +613,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -600,6 +641,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -658,6 +709,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -703,6 +761,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1038,6 +1101,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1059,6 +1129,15 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation @@ -1115,6 +1194,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1157,6 +1243,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1369,6 +1460,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1390,6 +1488,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -1447,6 +1555,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1490,6 +1605,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1865,6 +1985,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1886,6 +2013,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -1944,6 +2081,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1989,6 +2133,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2207,6 +2356,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2229,6 +2385,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -2289,6 +2455,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2335,6 +2508,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2567,6 +2745,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -2699,6 +2882,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2723,6 +2913,16 @@ spec: not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -2785,6 +2985,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2832,6 +3039,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors @@ -3061,6 +3273,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3085,6 +3304,16 @@ spec: do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3149,6 +3378,13 @@ spec: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3197,6 +3433,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3546,6 +3787,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3568,6 +3816,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -3628,6 +3886,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3674,6 +3939,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3899,6 +4169,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3923,6 +4200,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3985,6 +4272,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4032,6 +4326,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4404,6 +4703,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4426,6 +4732,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -4486,6 +4802,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4532,6 +4855,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4757,6 +5085,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4781,6 +5116,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -4843,6 +5188,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4890,6 +5242,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index 88a71417ddbaa..fb9401a97a65a 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -51,11 +51,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -193,6 +195,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -204,6 +210,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -235,6 +245,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -259,6 +273,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -411,6 +427,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -422,6 +442,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -453,6 +477,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -477,6 +505,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -652,11 +682,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -789,6 +821,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -800,6 +836,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -831,6 +871,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -855,6 +899,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1007,6 +1053,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1018,6 +1068,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1049,6 +1103,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1073,6 +1131,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1388,6 +1448,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1399,6 +1463,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1430,6 +1498,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1454,6 +1526,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1606,6 +1680,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1617,6 +1695,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1648,6 +1730,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1672,6 +1758,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1967,6 +2055,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1978,6 +2070,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2009,6 +2105,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2033,6 +2133,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2185,6 +2287,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2196,6 +2302,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2227,6 +2337,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2251,6 +2365,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2427,11 +2543,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2569,6 +2687,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2580,6 +2702,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2611,6 +2737,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2635,6 +2765,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2787,6 +2919,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2798,6 +2934,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2829,6 +2969,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2853,6 +2997,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3028,11 +3174,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3165,6 +3313,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3176,6 +3328,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3207,6 +3363,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3231,6 +3391,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3383,6 +3545,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3394,6 +3560,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3425,6 +3595,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3449,6 +3623,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3764,6 +3940,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3775,6 +3955,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3806,6 +3990,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3830,6 +4018,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3982,6 +4172,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3993,6 +4187,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4024,6 +4222,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4048,6 +4250,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4343,6 +4547,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4354,6 +4562,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4385,6 +4597,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4409,6 +4625,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4561,6 +4779,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4572,6 +4794,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4603,6 +4829,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4627,6 +4857,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4930,6 +5162,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4941,6 +5177,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4972,6 +5212,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4996,6 +5240,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5148,6 +5394,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5159,6 +5409,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5190,6 +5444,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5214,6 +5472,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5472,6 +5732,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -5547,6 +5834,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -5699,6 +5996,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5710,6 +6011,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5741,6 +6046,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5765,6 +6074,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5917,6 +6228,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5928,6 +6243,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5959,6 +6278,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5983,6 +6306,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6231,6 +6556,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -6311,7 +6663,17 @@ spec: type: boolean api: type: string - group: + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: type: string includeSharedProjects: type: boolean @@ -6463,6 +6825,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6474,6 +6840,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6505,6 +6875,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6529,6 +6903,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6681,6 +7057,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6692,6 +7072,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6723,6 +7107,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6747,6 +7135,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6918,11 +7308,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7057,6 +7449,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7068,6 +7464,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7099,6 +7499,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7123,6 +7527,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7275,6 +7681,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7286,6 +7696,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7317,6 +7731,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7341,6 +7759,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7519,11 +7939,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7661,6 +8083,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7672,6 +8098,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7703,6 +8133,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7727,6 +8161,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7879,6 +8315,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7890,6 +8330,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7921,6 +8365,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7945,6 +8393,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8120,11 +8570,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8257,6 +8709,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8268,6 +8724,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8299,6 +8759,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8323,6 +8787,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8475,6 +8941,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8486,6 +8956,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8517,6 +8991,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8541,6 +9019,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8856,6 +9336,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8867,6 +9351,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8898,6 +9386,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8922,6 +9414,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9074,6 +9568,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9085,6 +9583,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9116,6 +9618,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9140,6 +9646,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9435,6 +9943,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9446,6 +9958,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9477,6 +9993,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9501,6 +10021,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9653,6 +10175,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9664,6 +10190,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9695,6 +10225,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9719,6 +10253,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10022,6 +10558,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10033,6 +10573,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10064,6 +10608,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10088,6 +10636,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10240,6 +10790,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10251,6 +10805,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10282,6 +10840,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10306,6 +10868,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10564,6 +11128,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -10639,6 +11230,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -10791,6 +11392,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10802,6 +11407,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10833,6 +11442,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10857,6 +11470,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11009,6 +11624,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11020,6 +11639,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11051,6 +11674,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11075,6 +11702,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11323,6 +11952,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -11403,6 +12059,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -11555,6 +12221,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11566,6 +12236,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11597,6 +12271,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11621,6 +12299,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11773,6 +12453,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11784,6 +12468,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11815,6 +12503,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11839,6 +12531,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12010,11 +12704,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12153,6 +12849,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12164,6 +12864,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12195,6 +12899,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12219,6 +12927,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12371,6 +13081,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12382,6 +13096,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12413,6 +13131,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12437,6 +13159,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12739,6 +13463,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12750,6 +13478,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12781,6 +13513,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12805,6 +13541,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12957,6 +13695,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12968,6 +13710,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12999,6 +13745,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13023,6 +13773,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13281,6 +14033,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -13356,6 +14135,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -13508,6 +14297,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13519,6 +14312,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13550,6 +14347,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13574,6 +14375,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13726,6 +14529,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13737,6 +14544,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13768,6 +14579,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13792,6 +14607,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14040,6 +14857,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -14120,6 +14964,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -14272,6 +15126,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14283,6 +15141,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14314,6 +15176,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14338,6 +15204,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14490,6 +15358,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14501,6 +15373,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14532,6 +15408,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14556,6 +15436,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14727,11 +15609,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14941,6 +15825,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14952,6 +15840,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14983,6 +15875,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15007,6 +15903,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15159,6 +16057,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15170,6 +16072,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15201,6 +16107,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15225,6 +16135,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: diff --git a/manifests/crds/appproject-crd.yaml b/manifests/crds/appproject-crd.yaml index 2ebe3c2f4e325..a72a8de146939 100644 --- a/manifests/crds/appproject-crd.yaml +++ b/manifests/crds/appproject-crd.yaml @@ -85,6 +85,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment diff --git a/manifests/ha/base/kustomization.yaml b/manifests/ha/base/kustomization.yaml index c963eaa45dc22..b2467bfc0aaf4 100644 --- a/manifests/ha/base/kustomization.yaml +++ b/manifests/ha/base/kustomization.yaml @@ -20,4 +20,5 @@ resources: - ../../base/repo-server - ../../base/server - ../../base/config +- ../../base/notification - ./redis-ha diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index 8b1a55cf8b015..a9963b70cce1d 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -1219,7 +1219,7 @@ spec: automountServiceAccountToken: false initContainers: - name: config-init - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1258,7 +1258,7 @@ spec: containers: - name: redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - redis-server @@ -1321,7 +1321,7 @@ spec: - /bin/sh - /readonly-config/trigger-failover-if-master.sh - name: sentinel - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - redis-sentinel @@ -1378,7 +1378,7 @@ spec: {} - name: split-brain-fix - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - sh diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index 0fa78f61bd353..fdf1846bcef5b 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -14,7 +14,6 @@ redis-ha: IPv6: enabled: false image: - repository: public.ecr.aws/docker/library/haproxy tag: 2.6.17-alpine containerSecurityContext: null timeout: @@ -24,7 +23,6 @@ redis-ha: metrics: enabled: true image: - repository: public.ecr.aws/docker/library/haproxy tag: 7.0.15-alpine containerSecurityContext: null sentinel: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index b8b15968b4b0d..be36496db359e 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -115,6 +115,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -240,6 +245,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -261,6 +273,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -318,6 +340,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -361,6 +390,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -580,6 +614,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -601,6 +642,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -659,6 +710,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -704,6 +762,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1039,6 +1102,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1060,6 +1130,15 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation @@ -1116,6 +1195,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1158,6 +1244,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1370,6 +1461,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1391,6 +1489,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -1448,6 +1556,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1491,6 +1606,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1866,6 +1986,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1887,6 +2014,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -1945,6 +2082,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1990,6 +2134,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2208,6 +2357,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2230,6 +2386,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -2290,6 +2456,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2336,6 +2509,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2568,6 +2746,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -2700,6 +2883,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2724,6 +2914,16 @@ spec: not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -2786,6 +2986,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2833,6 +3040,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors @@ -3062,6 +3274,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3086,6 +3305,16 @@ spec: do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3150,6 +3379,13 @@ spec: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3198,6 +3434,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3547,6 +3788,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3569,6 +3817,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -3629,6 +3887,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3675,6 +3940,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3900,6 +4170,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3924,6 +4201,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3986,6 +4273,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4033,6 +4327,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4405,6 +4704,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4427,6 +4733,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -4487,6 +4803,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4533,6 +4856,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4758,6 +5086,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4782,6 +5117,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -4844,6 +5189,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4891,6 +5243,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -5119,11 +5476,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5261,6 +5620,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5272,6 +5635,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5303,6 +5670,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5327,6 +5698,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5479,6 +5852,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5490,6 +5867,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5521,6 +5902,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5545,6 +5930,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5720,11 +6107,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5857,6 +6246,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5868,6 +6261,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5899,6 +6296,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5923,6 +6324,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6075,6 +6478,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6086,6 +6493,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6117,6 +6528,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6141,6 +6556,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6456,6 +6873,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6467,6 +6888,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6498,6 +6923,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6522,6 +6951,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6674,6 +7105,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6685,6 +7120,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6716,6 +7155,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6740,6 +7183,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7035,6 +7480,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7046,6 +7495,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7077,6 +7530,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7101,6 +7558,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7253,6 +7712,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7264,6 +7727,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7295,6 +7762,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7319,6 +7790,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7495,11 +7968,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7637,6 +8112,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7648,6 +8127,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7679,8 +8162,12 @@ spec: type: object kustomize: properties: - commonAnnotations: - additionalProperties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: type: string type: object commonAnnotationsEnvsubst: @@ -7703,6 +8190,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7855,6 +8344,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7866,6 +8359,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7897,6 +8394,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7921,6 +8422,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8096,11 +8599,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8233,6 +8738,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8244,6 +8753,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8275,6 +8788,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8299,6 +8816,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8451,6 +8970,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8462,6 +8985,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8493,6 +9020,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8517,6 +9048,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8832,6 +9365,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8843,6 +9380,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8874,6 +9415,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8898,6 +9443,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9050,6 +9597,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9061,6 +9612,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9092,6 +9647,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9116,6 +9675,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9411,6 +9972,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9422,6 +9987,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9453,6 +10022,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9477,6 +10050,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9629,6 +10204,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9640,6 +10219,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9671,6 +10254,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9695,6 +10282,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9998,6 +10587,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10009,6 +10602,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10040,6 +10637,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10064,6 +10665,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10216,6 +10819,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10227,6 +10834,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10258,6 +10869,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10282,6 +10897,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10540,6 +11157,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -10615,6 +11259,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -10767,6 +11421,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10778,6 +11436,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10809,6 +11471,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10833,6 +11499,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10985,6 +11653,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10996,6 +11668,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11027,6 +11703,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11051,6 +11731,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11299,6 +11981,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -11379,6 +12088,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -11531,6 +12250,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11542,6 +12265,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11573,6 +12300,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11597,6 +12328,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11749,6 +12482,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11760,6 +12497,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11791,6 +12532,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11815,6 +12560,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11986,11 +12733,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12125,6 +12874,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12136,6 +12889,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12167,6 +12924,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12191,6 +12952,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12343,6 +13106,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12354,6 +13121,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12385,6 +13156,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12409,6 +13184,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12587,11 +13364,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12729,6 +13508,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12740,6 +13523,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12771,6 +13558,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12795,6 +13586,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12947,6 +13740,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12958,6 +13755,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12989,6 +13790,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13013,6 +13818,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13188,11 +13995,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -13325,6 +14134,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13336,6 +14149,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13367,6 +14184,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13391,6 +14212,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13543,6 +14366,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13554,6 +14381,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13585,8 +14416,12 @@ spec: type: object kustomize: properties: - commonAnnotations: - additionalProperties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: type: string type: object commonAnnotationsEnvsubst: @@ -13609,6 +14444,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13924,6 +14761,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13935,6 +14776,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13966,6 +14811,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13990,6 +14839,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14142,6 +14993,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14153,6 +15008,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14184,6 +15043,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14208,6 +15071,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14503,6 +15368,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14514,6 +15383,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14545,6 +15418,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14569,6 +15446,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14721,6 +15600,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14732,6 +15615,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14763,6 +15650,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14787,6 +15678,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15090,6 +15983,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15101,6 +15998,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15132,6 +16033,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15156,6 +16061,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15308,6 +16215,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15319,6 +16230,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15350,6 +16265,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15374,6 +16293,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15632,6 +16553,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -15707,6 +16655,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -15859,6 +16817,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15870,6 +16832,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15901,6 +16867,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15925,6 +16895,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16077,6 +17049,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16088,6 +17064,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16119,6 +17099,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16143,6 +17127,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16391,6 +17377,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -16471,6 +17484,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -16623,6 +17646,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16634,6 +17661,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16665,6 +17696,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16689,6 +17724,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16841,6 +17878,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16852,6 +17893,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16883,6 +17928,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16907,6 +17956,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17078,11 +18129,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17221,6 +18274,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17232,6 +18289,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17263,6 +18324,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17287,6 +18352,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17439,6 +18506,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17450,6 +18521,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17481,6 +18556,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17505,6 +18584,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17807,6 +18888,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17818,6 +18903,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17849,6 +18938,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17873,6 +18966,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18025,6 +19120,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18036,6 +19135,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18067,6 +19170,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -18091,6 +19198,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18349,6 +19458,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -18424,6 +19560,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -18576,6 +19722,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18587,6 +19737,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18618,6 +19772,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -18642,6 +19800,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18794,6 +19954,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18805,6 +19969,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18836,7 +20004,11 @@ spec: type: object kustomize: properties: - commonAnnotations: + apiVersions: + items: + type: string + type: array + commonAnnotations: additionalProperties: type: string type: object @@ -18860,6 +20032,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19108,6 +20282,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -19188,6 +20389,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -19340,6 +20551,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -19351,6 +20566,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -19382,6 +20601,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -19406,6 +20629,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19558,6 +20783,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -19569,6 +20798,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -19600,6 +20833,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -19624,6 +20861,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19795,11 +21034,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20009,6 +21250,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -20020,6 +21265,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -20051,6 +21300,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -20075,6 +21328,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -20227,6 +21482,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -20238,6 +21497,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -20269,6 +21532,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -20293,6 +21560,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -20629,6 +21898,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment @@ -20902,6 +22197,15 @@ metadata: --- apiVersion: v1 kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +--- +apiVersion: v1 +kind: ServiceAccount metadata: labels: app.kubernetes.io/component: redis @@ -21074,6 +22378,51 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: redis @@ -21375,6 +22724,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-notifications-controller +subjects: +- kind: ServiceAccount + name: argocd-notifications-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: redis @@ -21500,6 +22865,15 @@ metadata: --- apiVersion: v1 kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-cm +--- +apiVersion: v1 +kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-rbac-cm @@ -22272,6 +23646,16 @@ metadata: --- apiVersion: v1 kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-secret +type: Opaque +--- +apiVersion: v1 +kind: Secret metadata: labels: app.kubernetes.io/name: argocd-secret @@ -22345,6 +23729,23 @@ spec: --- apiVersion: v1 kind: Service +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-metrics +spec: + ports: + - name: metrics + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/name: argocd-notifications-controller +--- +apiVersion: v1 +kind: Service metadata: labels: app.kubernetes.io/component: redis @@ -22671,6 +24072,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/applicationset:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -22750,13 +24157,25 @@ spec: - /shared/argocd-dex - rundex env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.38.0 + image: ghcr.io/dexidp/dex:v2.41.1 imagePullPolicy: Always name: dex ports: @@ -22822,6 +24241,98 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: argocd-notifications-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + image: quay.io/codefresh/argocd:latest + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 9001 + name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment metadata: labels: app.kubernetes.io/component: redis @@ -23316,8 +24827,6 @@ spec: containers: - args: - /usr/local/bin/argocd-server - command: - - argocd-server env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" @@ -23565,6 +25074,36 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: server.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/argocd:latest imagePullPolicy: Always livenessProbe: @@ -23606,6 +25145,8 @@ spec: name: plugins-home - mountPath: /tmp name: tmp + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm serviceAccountName: argocd-server volumes: - emptyDir: {} @@ -23638,6 +25179,13 @@ spec: path: ca.crt optional: true secretName: argocd-dex-server-tls + - configMap: + items: + - key: server.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm --- apiVersion: apps/v1 kind: StatefulSet @@ -23756,6 +25304,24 @@ spec: key: controller.self.heal.timeout.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -23889,6 +25455,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm workingDir: /home/argocd serviceAccountName: argocd-application-controller volumes: @@ -23905,6 +25473,13 @@ spec: path: ca.crt optional: true secretName: argocd-repo-server-tls + - configMap: + items: + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm --- apiVersion: apps/v1 kind: StatefulSet @@ -23947,7 +25522,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -24007,7 +25582,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -24065,7 +25640,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -24100,7 +25675,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -24199,6 +25774,27 @@ spec: --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 2fc731b03fe4c..6fcdd7b7661b2 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -28,6 +28,15 @@ metadata: --- apiVersion: v1 kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +--- +apiVersion: v1 +kind: ServiceAccount metadata: labels: app.kubernetes.io/component: redis @@ -200,6 +209,51 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: redis @@ -338,6 +392,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-notifications-controller +subjects: +- kind: ServiceAccount + name: argocd-notifications-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: redis @@ -412,6 +482,15 @@ metadata: --- apiVersion: v1 kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-cm +--- +apiVersion: v1 +kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-rbac-cm @@ -1184,6 +1263,16 @@ metadata: --- apiVersion: v1 kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-secret +type: Opaque +--- +apiVersion: v1 +kind: Secret metadata: labels: app.kubernetes.io/name: argocd-secret @@ -1257,6 +1346,23 @@ spec: --- apiVersion: v1 kind: Service +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-metrics +spec: + ports: + - name: metrics + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/name: argocd-notifications-controller +--- +apiVersion: v1 +kind: Service metadata: labels: app.kubernetes.io/component: redis @@ -1583,6 +1689,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/applicationset:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -1662,13 +1774,25 @@ spec: - /shared/argocd-dex - rundex env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.38.0 + image: ghcr.io/dexidp/dex:v2.41.1 imagePullPolicy: Always name: dex ports: @@ -1734,6 +1858,98 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: argocd-notifications-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + image: quay.io/codefresh/argocd:latest + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 9001 + name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment metadata: labels: app.kubernetes.io/component: redis @@ -2228,8 +2444,6 @@ spec: containers: - args: - /usr/local/bin/argocd-server - command: - - argocd-server env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" @@ -2477,6 +2691,36 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: server.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/argocd:latest imagePullPolicy: Always livenessProbe: @@ -2518,6 +2762,8 @@ spec: name: plugins-home - mountPath: /tmp name: tmp + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm serviceAccountName: argocd-server volumes: - emptyDir: {} @@ -2550,6 +2796,13 @@ spec: path: ca.crt optional: true secretName: argocd-dex-server-tls + - configMap: + items: + - key: server.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm --- apiVersion: apps/v1 kind: StatefulSet @@ -2668,6 +2921,24 @@ spec: key: controller.self.heal.timeout.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -2801,6 +3072,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm workingDir: /home/argocd serviceAccountName: argocd-application-controller volumes: @@ -2817,6 +3090,13 @@ spec: path: ca.crt optional: true secretName: argocd-repo-server-tls + - configMap: + items: + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm --- apiVersion: apps/v1 kind: StatefulSet @@ -2859,7 +3139,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -2919,7 +3199,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -2977,7 +3257,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -3012,7 +3292,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -3111,6 +3391,27 @@ spec: --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: diff --git a/manifests/install.yaml b/manifests/install.yaml index 2ae1921a1e256..249c236dca671 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -115,6 +115,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -240,6 +245,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -261,6 +273,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -318,6 +340,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -361,6 +390,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -580,6 +614,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -601,6 +642,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -659,6 +710,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -704,6 +762,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1039,6 +1102,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1060,6 +1130,15 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation @@ -1116,6 +1195,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1158,6 +1244,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1370,6 +1461,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1391,6 +1489,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -1448,6 +1556,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1491,6 +1606,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1866,6 +1986,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1887,6 +2014,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -1945,6 +2082,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1990,6 +2134,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2208,6 +2357,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2230,6 +2386,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -2290,6 +2456,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2336,6 +2509,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2568,6 +2746,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer changeRevision: type: string changeRevisions: @@ -2700,6 +2883,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2724,6 +2914,16 @@ spec: not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -2786,6 +2986,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2833,6 +3040,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors @@ -3062,6 +3274,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3086,6 +3305,16 @@ spec: do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3150,6 +3379,13 @@ spec: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3198,6 +3434,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3547,6 +3788,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3569,6 +3817,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -3629,6 +3887,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3675,6 +3940,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3900,6 +4170,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3924,6 +4201,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3986,6 +4273,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4033,6 +4327,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4405,6 +4704,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4427,6 +4733,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -4487,6 +4803,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4533,6 +4856,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4758,6 +5086,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4782,6 +5117,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -4844,6 +5189,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4891,6 +5243,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -5119,11 +5476,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5261,6 +5620,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5272,6 +5635,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5303,6 +5670,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5327,6 +5698,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5479,6 +5852,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5490,6 +5867,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5521,6 +5902,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5545,6 +5930,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5720,11 +6107,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5857,6 +6246,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5868,6 +6261,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5899,6 +6296,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5923,6 +6324,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6075,6 +6478,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6086,6 +6493,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6117,6 +6528,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6141,6 +6556,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6456,6 +6873,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6467,6 +6888,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6498,6 +6923,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6522,6 +6951,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6674,6 +7105,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6685,6 +7120,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6716,6 +7155,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6740,6 +7183,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7035,6 +7480,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7046,6 +7495,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7077,6 +7530,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7101,6 +7558,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7253,6 +7712,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7264,6 +7727,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7295,6 +7762,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7319,6 +7790,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7495,11 +7968,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7637,6 +8112,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7648,6 +8127,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7679,8 +8162,12 @@ spec: type: object kustomize: properties: - commonAnnotations: - additionalProperties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: type: string type: object commonAnnotationsEnvsubst: @@ -7703,6 +8190,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7855,6 +8344,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7866,6 +8359,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7897,6 +8394,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7921,6 +8422,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8096,11 +8599,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8233,6 +8738,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8244,6 +8753,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8275,6 +8788,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8299,6 +8816,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8451,6 +8970,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8462,6 +8985,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8493,6 +9020,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8517,6 +9048,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8832,6 +9365,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8843,6 +9380,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8874,6 +9415,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8898,6 +9443,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9050,6 +9597,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9061,6 +9612,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9092,6 +9647,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9116,6 +9675,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9411,6 +9972,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9422,6 +9987,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9453,6 +10022,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9477,6 +10050,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9629,6 +10204,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9640,6 +10219,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9671,6 +10254,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9695,6 +10282,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9998,6 +10587,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10009,6 +10602,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10040,6 +10637,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10064,6 +10665,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10216,6 +10819,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10227,6 +10834,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10258,6 +10869,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10282,6 +10897,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10540,6 +11157,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -10615,6 +11259,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -10767,6 +11421,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10778,6 +11436,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10809,6 +11471,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10833,6 +11499,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10985,6 +11653,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10996,6 +11668,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11027,6 +11703,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11051,6 +11731,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11299,6 +11981,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -11379,6 +12088,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -11531,6 +12250,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11542,6 +12265,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11573,6 +12300,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11597,6 +12328,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11749,6 +12482,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11760,6 +12497,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11791,6 +12532,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11815,6 +12560,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11986,11 +12733,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12125,6 +12874,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12136,6 +12889,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12167,6 +12924,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12191,6 +12952,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12343,6 +13106,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12354,6 +13121,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12385,6 +13156,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12409,6 +13184,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12587,11 +13364,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12729,6 +13508,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12740,6 +13523,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12771,6 +13558,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12795,6 +13586,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12947,6 +13740,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12958,6 +13755,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12989,6 +13790,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13013,6 +13818,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13188,11 +13995,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -13325,6 +14134,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13336,6 +14149,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13367,6 +14184,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13391,6 +14212,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13543,6 +14366,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13554,6 +14381,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13585,8 +14416,12 @@ spec: type: object kustomize: properties: - commonAnnotations: - additionalProperties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: type: string type: object commonAnnotationsEnvsubst: @@ -13609,6 +14444,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13924,6 +14761,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13935,6 +14776,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13966,6 +14811,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13990,6 +14839,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14142,6 +14993,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14153,6 +15008,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14184,6 +15043,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14208,6 +15071,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14503,6 +15368,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14514,6 +15383,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14545,6 +15418,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14569,6 +15446,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14721,6 +15600,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14732,6 +15615,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14763,6 +15650,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14787,6 +15678,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15090,6 +15983,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15101,6 +15998,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15132,6 +16033,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15156,6 +16061,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15308,6 +16215,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15319,6 +16230,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15350,6 +16265,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15374,6 +16293,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15632,6 +16553,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -15707,6 +16655,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -15859,6 +16817,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15870,6 +16832,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15901,6 +16867,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15925,6 +16895,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16077,6 +17049,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16088,6 +17064,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16119,6 +17099,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16143,6 +17127,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16391,6 +17377,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -16471,6 +17484,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -16623,6 +17646,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16634,6 +17661,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16665,6 +17696,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16689,6 +17724,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -16841,6 +17878,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -16852,6 +17893,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -16883,6 +17928,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -16907,6 +17956,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17078,11 +18129,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17221,6 +18274,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17232,6 +18289,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17263,6 +18324,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17287,6 +18352,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17439,6 +18506,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17450,6 +18521,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17481,6 +18556,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17505,6 +18584,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -17807,6 +18888,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -17818,6 +18903,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -17849,6 +18938,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -17873,6 +18966,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18025,6 +19120,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18036,6 +19135,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18067,6 +19170,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -18091,6 +19198,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18349,6 +19458,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -18424,6 +19560,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -18576,6 +19722,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18587,6 +19737,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18618,6 +19772,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -18642,6 +19800,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -18794,6 +19954,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -18805,6 +19969,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -18836,7 +20004,11 @@ spec: type: object kustomize: properties: - commonAnnotations: + apiVersions: + items: + type: string + type: array + commonAnnotations: additionalProperties: type: string type: object @@ -18860,6 +20032,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19108,6 +20282,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -19188,6 +20389,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -19340,6 +20551,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -19351,6 +20566,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -19382,6 +20601,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -19406,6 +20629,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19558,6 +20783,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -19569,6 +20798,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -19600,6 +20833,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -19624,6 +20861,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -19795,11 +21034,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20009,6 +21250,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -20020,6 +21265,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -20051,6 +21300,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -20075,6 +21328,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -20227,6 +21482,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -20238,6 +21497,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -20269,6 +21532,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -20293,6 +21560,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -20629,6 +21898,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment @@ -20902,6 +22197,15 @@ metadata: --- apiVersion: v1 kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +--- +apiVersion: v1 +kind: ServiceAccount metadata: labels: app.kubernetes.io/component: redis @@ -20927,15 +22231,6 @@ metadata: app.kubernetes.io/part-of: argocd name: argocd-server --- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter - app.kubernetes.io/part-of: argocd - name: event-reporter ---- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -21074,78 +22369,79 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller app.kubernetes.io/part-of: argocd - name: argocd-redis + name: argocd-notifications-controller rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch - apiGroups: - "" - resourceNames: - - argocd-redis resources: + - configmaps - secrets verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: - get - apiGroups: - "" + resourceNames: + - argocd-notifications-secret resources: - secrets verbs: - - create + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis app.kubernetes.io/part-of: argocd - name: argocd-server + name: argocd-redis rules: - apiGroups: - "" + resourceNames: + - argocd-redis resources: - secrets - - configmaps - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - - applicationsets verbs: - - create - get - - list - - watch - - update - - delete - - patch - apiGroups: - "" resources: - - events + - secrets verbs: - create - - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd - name: event-reporter + name: argocd-server rules: - apiGroups: - "" @@ -21397,49 +22693,49 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller app.kubernetes.io/part-of: argocd - name: argocd-redis + name: argocd-notifications-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: argocd-redis + name: argocd-notifications-controller subjects: - kind: ServiceAccount - name: argocd-redis + name: argocd-notifications-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis app.kubernetes.io/part-of: argocd - name: argocd-server + name: argocd-redis roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: argocd-server + name: argocd-redis subjects: - kind: ServiceAccount - name: argocd-server + name: argocd-redis --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd - name: event-reporter + name: argocd-server roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: event-reporter + name: argocd-server subjects: - kind: ServiceAccount - name: event-reporter + name: argocd-server --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -21518,6 +22814,15 @@ metadata: --- apiVersion: v1 kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-cm +--- +apiVersion: v1 +kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-rbac-cm @@ -21559,6 +22864,16 @@ metadata: --- apiVersion: v1 kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-secret +type: Opaque +--- +apiVersion: v1 +kind: Secret metadata: labels: app.kubernetes.io/name: argocd-secret @@ -21632,6 +22947,23 @@ spec: --- apiVersion: v1 kind: Service +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-metrics +spec: + ports: + - name: metrics + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/name: argocd-notifications-controller +--- +apiVersion: v1 +kind: Service metadata: labels: app.kubernetes.io/component: redis @@ -21705,44 +23037,6 @@ spec: selector: app.kubernetes.io/name: argocd-server --- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter - app.kubernetes.io/part-of: argocd - name: event-reporter -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8088 - - name: https - port: 443 - protocol: TCP - targetPort: 8088 - selector: - app.kubernetes.io/name: event-reporter ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter-metrics - app.kubernetes.io/part-of: argocd - name: event-reporter-metrics -spec: - ports: - - name: metrics - port: 8087 - protocol: TCP - targetPort: 8087 - selector: - app.kubernetes.io/name: event-reporter ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -21895,6 +23189,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/applicationset:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -21974,13 +23274,25 @@ spec: - /shared/argocd-dex - rundex env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.38.0 + image: ghcr.io/dexidp/dex:v2.41.1 imagePullPolicy: Always name: dex ports: @@ -22046,6 +23358,98 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: argocd-notifications-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + image: quay.io/codefresh/argocd:latest + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 9001 + name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment metadata: labels: app.kubernetes.io/component: redis @@ -22089,7 +23493,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: Always name: redis ports: @@ -22489,8 +23893,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-server + - args: + - /usr/local/bin/argocd-server env: - name: REDIS_PASSWORD valueFrom: @@ -22731,6 +24135,36 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: server.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/argocd:latest imagePullPolicy: Always livenessProbe: @@ -22772,6 +24206,8 @@ spec: name: plugins-home - mountPath: /tmp name: tmp + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm serviceAccountName: argocd-server volumes: - emptyDir: {} @@ -22804,6 +24240,13 @@ spec: path: ca.crt optional: true secretName: argocd-dex-server-tls + - configMap: + items: + - key: server.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm --- apiVersion: apps/v1 kind: StatefulSet @@ -22922,6 +24365,24 @@ spec: key: controller.self.heal.timeout.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -23055,6 +24516,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm workingDir: /home/argocd serviceAccountName: argocd-application-controller volumes: @@ -23071,181 +24534,13 @@ spec: path: ca.crt optional: true secretName: argocd-repo-server-tls ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter - app.kubernetes.io/part-of: argocd - name: event-reporter -spec: - replicas: 5 - selector: - matchLabels: - app.kubernetes.io/name: event-reporter - serviceName: event-reporter - template: - metadata: - labels: - app.kubernetes.io/name: event-reporter - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: event-reporter - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - args: - - /usr/local/bin/event-reporter-server - env: - - name: EVENT_REPORTER_REPLICAS - value: "5" - - name: ARGOCD_TOKEN - valueFrom: - secretKeyRef: - key: token - name: argocd-token - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - key: application.namespaces - name: argocd-cmd-params-cm - optional: true - - name: CODEFRESH_URL - valueFrom: - configMapKeyRef: - key: base-url - name: codefresh-cm - optional: true - - name: CODEFRESH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: codefresh-token - - name: EVENT_REPORTER_INSECURE - valueFrom: - configMapKeyRef: - key: event-reporter.insecure - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: event-reporter.log.format - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_LOG_LEVEL - valueFrom: - configMapKeyRef: - key: event-reporter.log.level - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_REPO_SERVER - valueFrom: - configMapKeyRef: - key: repo.server - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: event-reporter.repo.server.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: event-reporter.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - key: redis.db - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: event-reporter.listen.address - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_METRICS_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: event-reporter.metrics.listen.address - name: argocd-cmd-params-cm - optional: true - image: quay.io/codefresh/argocd:latest - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz?full=true - port: health - initialDelaySeconds: 3 - periodSeconds: 30 - timeoutSeconds: 5 - name: event-reporter - ports: - - containerPort: 8088 - name: health - - containerPort: 8087 - name: metrics - readinessProbe: - httpGet: - path: /healthz - port: health - initialDelaySeconds: 3 - periodSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/server/tls - name: argocd-repo-server-tls - - mountPath: /tmp - name: tmp - serviceAccountName: event-reporter - volumes: - - emptyDir: {} - name: plugins-home - - emptyDir: {} - name: tmp - - name: argocd-repo-server-tls - secret: + - configMap: items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm optional: true - secretName: argocd-repo-server-tls + name: argocd-cmd-params-cm --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy @@ -23310,6 +24605,27 @@ spec: --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 7e947b74a9710..1c56298da092e 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -28,6 +28,15 @@ metadata: --- apiVersion: v1 kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +--- +apiVersion: v1 +kind: ServiceAccount metadata: labels: app.kubernetes.io/component: redis @@ -53,15 +62,6 @@ metadata: app.kubernetes.io/part-of: argocd name: argocd-server --- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter - app.kubernetes.io/part-of: argocd - name: event-reporter ---- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -200,78 +200,79 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller app.kubernetes.io/part-of: argocd - name: argocd-redis + name: argocd-notifications-controller rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch - apiGroups: - "" - resourceNames: - - argocd-redis resources: + - configmaps - secrets verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: - get - apiGroups: - "" + resourceNames: + - argocd-notifications-secret resources: - secrets verbs: - - create + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis app.kubernetes.io/part-of: argocd - name: argocd-server + name: argocd-redis rules: - apiGroups: - "" + resourceNames: + - argocd-redis resources: - secrets - - configmaps - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - - applicationsets verbs: - - create - get - - list - - watch - - update - - delete - - patch - apiGroups: - "" resources: - - events + - secrets verbs: - create - - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd - name: event-reporter + name: argocd-server rules: - apiGroups: - "" @@ -360,49 +361,49 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/component: redis - app.kubernetes.io/name: argocd-redis + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller app.kubernetes.io/part-of: argocd - name: argocd-redis + name: argocd-notifications-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: argocd-redis + name: argocd-notifications-controller subjects: - kind: ServiceAccount - name: argocd-redis + name: argocd-notifications-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/component: server - app.kubernetes.io/name: argocd-server + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis app.kubernetes.io/part-of: argocd - name: argocd-server + name: argocd-redis roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: argocd-server + name: argocd-redis subjects: - kind: ServiceAccount - name: argocd-server + name: argocd-redis --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd - name: event-reporter + name: argocd-server roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: event-reporter + name: argocd-server subjects: - kind: ServiceAccount - name: event-reporter + name: argocd-server --- apiVersion: v1 kind: ConfigMap @@ -430,6 +431,15 @@ metadata: --- apiVersion: v1 kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-cm +--- +apiVersion: v1 +kind: ConfigMap metadata: labels: app.kubernetes.io/name: argocd-rbac-cm @@ -471,6 +481,16 @@ metadata: --- apiVersion: v1 kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-secret +type: Opaque +--- +apiVersion: v1 +kind: Secret metadata: labels: app.kubernetes.io/name: argocd-secret @@ -544,6 +564,23 @@ spec: --- apiVersion: v1 kind: Service +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-metrics +spec: + ports: + - name: metrics + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/name: argocd-notifications-controller +--- +apiVersion: v1 +kind: Service metadata: labels: app.kubernetes.io/component: redis @@ -617,44 +654,6 @@ spec: selector: app.kubernetes.io/name: argocd-server --- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter - app.kubernetes.io/part-of: argocd - name: event-reporter -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8088 - - name: https - port: 443 - protocol: TCP - targetPort: 8088 - selector: - app.kubernetes.io/name: event-reporter ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter-metrics - app.kubernetes.io/part-of: argocd - name: event-reporter-metrics -spec: - ports: - - name: metrics - port: 8087 - protocol: TCP - targetPort: 8087 - selector: - app.kubernetes.io/name: event-reporter ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -807,6 +806,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/applicationset:latest imagePullPolicy: Always name: argocd-applicationset-controller @@ -886,13 +891,25 @@ spec: - /shared/argocd-dex - rundex env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.38.0 + image: ghcr.io/dexidp/dex:v2.41.1 imagePullPolicy: Always name: dex ports: @@ -958,6 +975,98 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: argocd-notifications-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + image: quay.io/codefresh/argocd:latest + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 9001 + name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment metadata: labels: app.kubernetes.io/component: redis @@ -1001,7 +1110,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: Always name: redis ports: @@ -1401,8 +1510,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-server + - args: + - /usr/local/bin/argocd-server env: - name: REDIS_PASSWORD valueFrom: @@ -1643,6 +1752,36 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: server.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true image: quay.io/codefresh/argocd:latest imagePullPolicy: Always livenessProbe: @@ -1684,6 +1823,8 @@ spec: name: plugins-home - mountPath: /tmp name: tmp + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm serviceAccountName: argocd-server volumes: - emptyDir: {} @@ -1716,6 +1857,13 @@ spec: path: ca.crt optional: true secretName: argocd-dex-server-tls + - configMap: + items: + - key: server.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm --- apiVersion: apps/v1 kind: StatefulSet @@ -1834,6 +1982,24 @@ spec: key: controller.self.heal.timeout.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -1967,6 +2133,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm workingDir: /home/argocd serviceAccountName: argocd-application-controller volumes: @@ -1983,181 +2151,13 @@ spec: path: ca.crt optional: true secretName: argocd-repo-server-tls ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: event-reporter - app.kubernetes.io/name: event-reporter - app.kubernetes.io/part-of: argocd - name: event-reporter -spec: - replicas: 5 - selector: - matchLabels: - app.kubernetes.io/name: event-reporter - serviceName: event-reporter - template: - metadata: - labels: - app.kubernetes.io/name: event-reporter - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: event-reporter - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containers: - - args: - - /usr/local/bin/event-reporter-server - env: - - name: EVENT_REPORTER_REPLICAS - value: "5" - - name: ARGOCD_TOKEN - valueFrom: - secretKeyRef: - key: token - name: argocd-token - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - key: application.namespaces - name: argocd-cmd-params-cm - optional: true - - name: CODEFRESH_URL - valueFrom: - configMapKeyRef: - key: base-url - name: codefresh-cm - optional: true - - name: CODEFRESH_TOKEN - valueFrom: - secretKeyRef: - key: token - name: codefresh-token - - name: EVENT_REPORTER_INSECURE - valueFrom: - configMapKeyRef: - key: event-reporter.insecure - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_LOGFORMAT - valueFrom: - configMapKeyRef: - key: event-reporter.log.format - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_LOG_LEVEL - valueFrom: - configMapKeyRef: - key: event-reporter.log.level - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_REPO_SERVER - valueFrom: - configMapKeyRef: - key: repo.server - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - key: event-reporter.repo.server.timeout.seconds - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - key: event-reporter.repo.server.plaintext - name: argocd-cmd-params-cm - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - key: redis.server - name: argocd-cmd-params-cm - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - key: redis.db - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: event-reporter.listen.address - name: argocd-cmd-params-cm - optional: true - - name: EVENT_REPORTER_METRICS_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - key: event-reporter.metrics.listen.address - name: argocd-cmd-params-cm - optional: true - image: quay.io/codefresh/argocd:latest - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz?full=true - port: health - initialDelaySeconds: 3 - periodSeconds: 30 - timeoutSeconds: 5 - name: event-reporter - ports: - - containerPort: 8088 - name: health - - containerPort: 8087 - name: metrics - readinessProbe: - httpGet: - path: /healthz - port: health - initialDelaySeconds: 3 - periodSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /app/config/server/tls - name: argocd-repo-server-tls - - mountPath: /tmp - name: tmp - serviceAccountName: event-reporter - volumes: - - emptyDir: {} - name: plugins-home - - emptyDir: {} - name: tmp - - name: argocd-repo-server-tls - secret: + - configMap: items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm optional: true - secretName: argocd-repo-server-tls + name: argocd-cmd-params-cm --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy @@ -2222,6 +2222,27 @@ spec: --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: diff --git a/mkdocs.yml b/mkdocs.yml index c9eb3061d4e2e..25c187ab83075 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -128,6 +128,8 @@ nav: - operator-manual/server-commands/additional-configuration-method.md - Upgrading: - operator-manual/upgrading/overview.md + - operator-manual/upgrading/2.12-2.13.md + - operator-manual/upgrading/2.11-2.12.md - operator-manual/upgrading/2.10-2.11.md - operator-manual/upgrading/2.9-2.10.md - operator-manual/upgrading/2.8-2.9.md @@ -208,7 +210,7 @@ nav: - developer-guide/dependencies.md - developer-guide/ci.md - developer-guide/releasing.md - - developer-guide/site.md + - developer-guide/docs-site.md - developer-guide/static-code-analysis.md - Extensions: - developer-guide/extensions/ui-extensions.md diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 4e0b5bce9782b..52164255164ae 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -56,12 +56,6 @@ import ( tls_util "github.com/argoproj/argo-cd/v2/util/tls" ) -// These mocks are not currently used, but they are part of the public API of this package. -//go:generate -command mockery go run github.com/vektra/mockery/v2@v2.40.2 -//go:generate mockery --dir=./session --name=SessionServiceServer --output=./session/mocks -//go:generate mockery --dir=./session --name=SessionServiceClient --output=./session/mocks -//go:generate mockery --dir=./cluster --name=ClusterServiceServer --output=./cluster/mocks - const ( MetaDataTokenKey = "token" // EnvArgoCDServer is the environment variable to look for an Argo CD server address diff --git a/pkg/apiclient/application/forwarder_overwrite.go b/pkg/apiclient/application/forwarder_overwrite.go index 9a4bcae10e5a7..b9f90748ef182 100644 --- a/pkg/apiclient/application/forwarder_overwrite.go +++ b/pkg/apiclient/application/forwarder_overwrite.go @@ -119,7 +119,7 @@ func init() { if container := req.URL.Query().Get("container"); len(container) > 0 && kube.IsValidResourceName(container) { fileName = container } - w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment;filename="%s.txt"`, fileName)) + w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment;filename="%s.log"`, fileName)) for { msg, err := recv() if err != nil { diff --git a/pkg/apiclient/applicationset/applicationset.pb.go b/pkg/apiclient/applicationset/applicationset.pb.go index 68db654fe9c4e..1c261252244f9 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.go +++ b/pkg/apiclient/applicationset/applicationset.pb.go @@ -214,6 +214,7 @@ func (m *ApplicationSetResponse) GetApplicationset() *v1alpha1.ApplicationSet { type ApplicationSetCreateRequest struct { Applicationset *v1alpha1.ApplicationSet `protobuf:"bytes,1,opt,name=applicationset,proto3" json:"applicationset,omitempty"` Upsert bool `protobuf:"varint,2,opt,name=upsert,proto3" json:"upsert,omitempty"` + DryRun bool `protobuf:"varint,3,opt,name=dryRun,proto3" json:"dryRun,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -266,6 +267,13 @@ func (m *ApplicationSetCreateRequest) GetUpsert() bool { return false } +func (m *ApplicationSetCreateRequest) GetDryRun() bool { + if m != nil { + return m.DryRun + } + return false +} + type ApplicationSetDeleteRequest struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The application set namespace. Default empty is argocd control plane namespace @@ -378,6 +386,103 @@ func (m *ApplicationSetTreeQuery) GetAppsetNamespace() string { return "" } +// ApplicationSetGetQuery is a query for applicationset resources +type ApplicationSetGenerateRequest struct { + // the applicationsets + ApplicationSet *v1alpha1.ApplicationSet `protobuf:"bytes,1,opt,name=applicationSet,proto3" json:"applicationSet,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ApplicationSetGenerateRequest) Reset() { *m = ApplicationSetGenerateRequest{} } +func (m *ApplicationSetGenerateRequest) String() string { return proto.CompactTextString(m) } +func (*ApplicationSetGenerateRequest) ProtoMessage() {} +func (*ApplicationSetGenerateRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_eacb9df0ce5738fa, []int{6} +} +func (m *ApplicationSetGenerateRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ApplicationSetGenerateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ApplicationSetGenerateRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ApplicationSetGenerateRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApplicationSetGenerateRequest.Merge(m, src) +} +func (m *ApplicationSetGenerateRequest) XXX_Size() int { + return m.Size() +} +func (m *ApplicationSetGenerateRequest) XXX_DiscardUnknown() { + xxx_messageInfo_ApplicationSetGenerateRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_ApplicationSetGenerateRequest proto.InternalMessageInfo + +func (m *ApplicationSetGenerateRequest) GetApplicationSet() *v1alpha1.ApplicationSet { + if m != nil { + return m.ApplicationSet + } + return nil +} + +// ApplicationSetGenerateResponse is a response for applicationset generate request +type ApplicationSetGenerateResponse struct { + Applications []*v1alpha1.Application `protobuf:"bytes,1,rep,name=applications,proto3" json:"applications,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ApplicationSetGenerateResponse) Reset() { *m = ApplicationSetGenerateResponse{} } +func (m *ApplicationSetGenerateResponse) String() string { return proto.CompactTextString(m) } +func (*ApplicationSetGenerateResponse) ProtoMessage() {} +func (*ApplicationSetGenerateResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_eacb9df0ce5738fa, []int{7} +} +func (m *ApplicationSetGenerateResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ApplicationSetGenerateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ApplicationSetGenerateResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ApplicationSetGenerateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApplicationSetGenerateResponse.Merge(m, src) +} +func (m *ApplicationSetGenerateResponse) XXX_Size() int { + return m.Size() +} +func (m *ApplicationSetGenerateResponse) XXX_DiscardUnknown() { + xxx_messageInfo_ApplicationSetGenerateResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_ApplicationSetGenerateResponse proto.InternalMessageInfo + +func (m *ApplicationSetGenerateResponse) GetApplications() []*v1alpha1.Application { + if m != nil { + return m.Applications + } + return nil +} + func init() { proto.RegisterType((*ApplicationSetGetQuery)(nil), "applicationset.ApplicationSetGetQuery") proto.RegisterType((*ApplicationSetListQuery)(nil), "applicationset.ApplicationSetListQuery") @@ -385,6 +490,8 @@ func init() { proto.RegisterType((*ApplicationSetCreateRequest)(nil), "applicationset.ApplicationSetCreateRequest") proto.RegisterType((*ApplicationSetDeleteRequest)(nil), "applicationset.ApplicationSetDeleteRequest") proto.RegisterType((*ApplicationSetTreeQuery)(nil), "applicationset.ApplicationSetTreeQuery") + proto.RegisterType((*ApplicationSetGenerateRequest)(nil), "applicationset.ApplicationSetGenerateRequest") + proto.RegisterType((*ApplicationSetGenerateResponse)(nil), "applicationset.ApplicationSetGenerateResponse") } func init() { @@ -392,43 +499,49 @@ func init() { } var fileDescriptor_eacb9df0ce5738fa = []byte{ - // 573 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x95, 0x4f, 0x8b, 0x13, 0x3f, - 0x18, 0xc7, 0xc9, 0x76, 0xe9, 0x6f, 0x37, 0x3f, 0x51, 0x08, 0xb8, 0x5b, 0x47, 0xa9, 0x65, 0x0e, - 0x6b, 0x5d, 0xdd, 0x84, 0x56, 0x4f, 0x7a, 0xf2, 0x0f, 0x2c, 0x42, 0x11, 0x9d, 0x15, 0x05, 0x3d, - 0x48, 0x76, 0xfa, 0x30, 0x3b, 0xee, 0x74, 0x12, 0x93, 0x74, 0x40, 0x16, 0x2f, 0x82, 0xaf, 0xc0, - 0x77, 0xa0, 0x17, 0xc1, 0xab, 0x77, 0xaf, 0x1e, 0x05, 0xdf, 0x80, 0x54, 0x5f, 0x88, 0x4c, 0x66, - 0xda, 0xee, 0x84, 0x6e, 0x2b, 0x58, 0x6f, 0x79, 0xf2, 0xe7, 0x79, 0x3e, 0x79, 0x9e, 0xef, 0x93, - 0xe0, 0x6d, 0x0d, 0x2a, 0x03, 0xc5, 0xb8, 0x94, 0x49, 0x1c, 0x72, 0x13, 0x8b, 0x54, 0x83, 0x71, - 0x4c, 0x2a, 0x95, 0x30, 0x82, 0x9c, 0xae, 0xce, 0x7a, 0x17, 0x22, 0x21, 0xa2, 0x04, 0x18, 0x97, - 0x31, 0xe3, 0x69, 0x2a, 0x4c, 0xb1, 0x52, 0xec, 0xf6, 0x7a, 0x51, 0x6c, 0x0e, 0x86, 0xfb, 0x34, - 0x14, 0x03, 0xc6, 0x55, 0x24, 0xa4, 0x12, 0x2f, 0xec, 0x60, 0x27, 0xec, 0xb3, 0xac, 0xcb, 0xe4, - 0x61, 0x94, 0x9f, 0xd4, 0xc7, 0x63, 0xb1, 0xac, 0xc3, 0x13, 0x79, 0xc0, 0x3b, 0x2c, 0x82, 0x14, - 0x14, 0x37, 0xd0, 0x2f, 0xbc, 0xf9, 0x8f, 0xf1, 0xc6, 0xad, 0xe9, 0xbe, 0x3d, 0x30, 0xbb, 0x60, - 0x1e, 0x0e, 0x41, 0xbd, 0x22, 0x04, 0xaf, 0xa6, 0x7c, 0x00, 0x0d, 0xd4, 0x42, 0xed, 0xf5, 0xc0, - 0x8e, 0x49, 0x1b, 0x9f, 0xe1, 0x52, 0x6a, 0x30, 0xf7, 0xf9, 0x00, 0xb4, 0xe4, 0x21, 0x34, 0x56, - 0xec, 0xb2, 0x3b, 0xed, 0x1f, 0xe1, 0xcd, 0xaa, 0xdf, 0x5e, 0xac, 0x4b, 0xc7, 0x1e, 0x5e, 0xcb, - 0x99, 0x21, 0x34, 0xba, 0x81, 0x5a, 0xb5, 0xf6, 0x7a, 0x30, 0xb1, 0xf3, 0x35, 0x0d, 0x09, 0x84, - 0x46, 0xa8, 0xd2, 0xf3, 0xc4, 0x9e, 0x15, 0xbc, 0x36, 0x3b, 0xf8, 0x47, 0xe4, 0xde, 0x2a, 0x00, - 0x2d, 0xf3, 0xe4, 0x92, 0x06, 0xfe, 0xaf, 0x0c, 0x56, 0x5e, 0x6c, 0x6c, 0x12, 0x83, 0x9d, 0x3a, - 0x58, 0x80, 0xff, 0xbb, 0x3d, 0x3a, 0x4d, 0x38, 0x1d, 0x27, 0xdc, 0x0e, 0x9e, 0x87, 0x7d, 0x9a, - 0x75, 0xa9, 0x3c, 0x8c, 0x68, 0x9e, 0x70, 0x7a, 0xec, 0x38, 0x1d, 0x27, 0x9c, 0x3a, 0x1c, 0x4e, - 0x0c, 0xff, 0x13, 0xc2, 0xe7, 0xab, 0x5b, 0xee, 0x28, 0xe0, 0x06, 0x02, 0x78, 0x39, 0x04, 0x3d, - 0x8b, 0x0a, 0xfd, 0x7b, 0x2a, 0xb2, 0x81, 0xeb, 0x43, 0xa9, 0x41, 0x15, 0x39, 0x58, 0x0b, 0x4a, - 0xcb, 0x7f, 0xe6, 0xc2, 0xde, 0x85, 0x04, 0xa6, 0xb0, 0x7f, 0x27, 0x99, 0x27, 0xae, 0x64, 0x1e, - 0x29, 0x80, 0x25, 0x68, 0xb1, 0xfb, 0xb3, 0x8e, 0xcf, 0x56, 0x3d, 0xef, 0x81, 0xca, 0xe2, 0x10, - 0xc8, 0x07, 0x84, 0x6b, 0xbb, 0x60, 0xc8, 0x16, 0x75, 0x1a, 0x73, 0x76, 0x4f, 0x78, 0x4b, 0xcd, - 0xba, 0xbf, 0xf5, 0xe6, 0xfb, 0xaf, 0x77, 0x2b, 0x2d, 0xd2, 0xb4, 0x9d, 0x9e, 0x75, 0x9c, 0xd7, - 0x41, 0xb3, 0xa3, 0xfc, 0xa2, 0xaf, 0xc9, 0x7b, 0x84, 0x57, 0xf3, 0xf6, 0x21, 0x97, 0xe6, 0x63, - 0x4e, 0x5a, 0xcc, 0x7b, 0xb0, 0x4c, 0xce, 0xdc, 0xad, 0x7f, 0xd1, 0xb2, 0x9e, 0x23, 0x9b, 0x27, - 0xb0, 0x92, 0xcf, 0x08, 0xd7, 0x0b, 0xe9, 0x92, 0x2b, 0xf3, 0x31, 0x2b, 0x02, 0x5f, 0x72, 0x4a, - 0x99, 0xc5, 0xbc, 0xec, 0x9f, 0x84, 0x79, 0xc3, 0x55, 0xfa, 0x5b, 0x84, 0xeb, 0x85, 0x88, 0x17, - 0x61, 0x57, 0xa4, 0xee, 0x2d, 0x50, 0xcc, 0xf8, 0xbd, 0x19, 0xd7, 0x78, 0x7b, 0x51, 0x8d, 0xbf, - 0x20, 0x7c, 0x2a, 0x00, 0x2d, 0x86, 0x2a, 0x84, 0x5c, 0xf7, 0x8b, 0x6a, 0x3d, 0xe9, 0x8d, 0xe5, - 0xd6, 0x3a, 0x77, 0xeb, 0x5f, 0xb7, 0xcc, 0x94, 0x5c, 0x9d, 0xcf, 0xcc, 0x54, 0xc9, 0xbb, 0x63, - 0x14, 0xc0, 0xed, 0x7b, 0x5f, 0x47, 0x4d, 0xf4, 0x6d, 0xd4, 0x44, 0x3f, 0x46, 0x4d, 0xf4, 0xf4, - 0xe6, 0x9f, 0xfd, 0x52, 0x61, 0x12, 0x43, 0xea, 0x7e, 0x8b, 0xfb, 0x75, 0xfb, 0x37, 0x5d, 0xfb, - 0x1d, 0x00, 0x00, 0xff, 0xff, 0xfa, 0x8f, 0x0f, 0xad, 0x45, 0x07, 0x00, 0x00, + // 665 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x96, 0x4f, 0x6b, 0xd4, 0x4e, + 0x18, 0xc7, 0x99, 0xb6, 0x6c, 0xb7, 0xd3, 0xf2, 0xfb, 0xc1, 0x80, 0xed, 0x1a, 0x75, 0x5d, 0x02, + 0xd6, 0xda, 0xda, 0x09, 0x5d, 0x3d, 0xd5, 0x93, 0x7f, 0xa0, 0x14, 0x8a, 0x68, 0x56, 0x14, 0xf4, + 0x20, 0xd3, 0xec, 0x43, 0x1a, 0x9b, 0x4d, 0xc6, 0x99, 0x49, 0xa0, 0x14, 0x2f, 0x82, 0x67, 0x0f, + 0xa2, 0x2f, 0x40, 0x2f, 0xbe, 0x00, 0xef, 0x1e, 0xbc, 0x78, 0x14, 0x7c, 0x03, 0x52, 0x7c, 0x19, + 0x1e, 0x24, 0x93, 0xec, 0xb6, 0x19, 0xf6, 0x4f, 0xc1, 0xe8, 0x2d, 0x4f, 0x66, 0xf2, 0x3c, 0x9f, + 0xf9, 0x3e, 0x4f, 0xbe, 0x0c, 0x5e, 0x95, 0x20, 0x52, 0x10, 0x0e, 0xe3, 0x3c, 0x0c, 0x3c, 0xa6, + 0x82, 0x38, 0x92, 0xa0, 0x8c, 0x90, 0x72, 0x11, 0xab, 0x98, 0xfc, 0x57, 0x7e, 0x6b, 0x9d, 0xf7, + 0xe3, 0xd8, 0x0f, 0xc1, 0x61, 0x3c, 0x70, 0x58, 0x14, 0xc5, 0x2a, 0x5f, 0xc9, 0x77, 0x5b, 0x3b, + 0x7e, 0xa0, 0xf6, 0x92, 0x5d, 0xea, 0xc5, 0x3d, 0x87, 0x09, 0x3f, 0xe6, 0x22, 0x7e, 0xa6, 0x1f, + 0xd6, 0xbd, 0xae, 0x93, 0xb6, 0x1d, 0xbe, 0xef, 0x67, 0x5f, 0xca, 0x93, 0xb5, 0x9c, 0x74, 0x83, + 0x85, 0x7c, 0x8f, 0x6d, 0x38, 0x3e, 0x44, 0x20, 0x98, 0x82, 0x6e, 0x9e, 0xcd, 0x7e, 0x88, 0x17, + 0x6f, 0x1e, 0xef, 0xeb, 0x80, 0xda, 0x02, 0x75, 0x3f, 0x01, 0x71, 0x40, 0x08, 0x9e, 0x89, 0x58, + 0x0f, 0x1a, 0xa8, 0x85, 0x56, 0xe6, 0x5c, 0xfd, 0x4c, 0x56, 0xf0, 0xff, 0x8c, 0x73, 0x09, 0xea, + 0x2e, 0xeb, 0x81, 0xe4, 0xcc, 0x83, 0xc6, 0x94, 0x5e, 0x36, 0x5f, 0xdb, 0x87, 0x78, 0xa9, 0x9c, + 0x77, 0x27, 0x90, 0x45, 0x62, 0x0b, 0xd7, 0x33, 0x66, 0xf0, 0x94, 0x6c, 0xa0, 0xd6, 0xf4, 0xca, + 0x9c, 0x3b, 0x88, 0xb3, 0x35, 0x09, 0x21, 0x78, 0x2a, 0x16, 0x45, 0xe6, 0x41, 0x3c, 0xac, 0xf8, + 0xf4, 0xf0, 0xe2, 0x1f, 0x91, 0x79, 0x2a, 0x17, 0x24, 0xcf, 0xc4, 0x25, 0x0d, 0x3c, 0x5b, 0x14, + 0x2b, 0x0e, 0xd6, 0x0f, 0x89, 0xc2, 0x46, 0x1f, 0x34, 0xc0, 0x7c, 0x7b, 0x87, 0x1e, 0x0b, 0x4e, + 0xfb, 0x82, 0xeb, 0x87, 0xa7, 0x5e, 0x97, 0xa6, 0x6d, 0xca, 0xf7, 0x7d, 0x9a, 0x09, 0x4e, 0x4f, + 0x7c, 0x4e, 0xfb, 0x82, 0x53, 0x83, 0xc3, 0xa8, 0x61, 0x7f, 0x41, 0xf8, 0x5c, 0x79, 0xcb, 0x6d, + 0x01, 0x4c, 0x81, 0x0b, 0xcf, 0x13, 0x90, 0xc3, 0xa8, 0xd0, 0xdf, 0xa7, 0x22, 0x8b, 0xb8, 0x96, + 0x70, 0x09, 0x22, 0xd7, 0xa0, 0xee, 0x16, 0x51, 0xf6, 0xbe, 0x2b, 0x0e, 0xdc, 0x24, 0xd2, 0xca, + 0xd7, 0xdd, 0x22, 0xb2, 0x9f, 0x98, 0x87, 0xb8, 0x03, 0x21, 0x1c, 0x1f, 0xe2, 0xcf, 0x46, 0xe9, + 0x91, 0x39, 0x4a, 0x0f, 0x04, 0x40, 0x15, 0x33, 0xfa, 0x16, 0xe1, 0x0b, 0xe6, 0xf0, 0xe7, 0x7f, + 0xc7, 0x70, 0xf5, 0x3b, 0xff, 0x40, 0xfd, 0x0e, 0x28, 0xfb, 0x35, 0xc2, 0xcd, 0x51, 0x5c, 0xc5, + 0x18, 0xf7, 0xf0, 0xc2, 0xc9, 0x96, 0xe9, 0xff, 0x68, 0xbe, 0xbd, 0x5d, 0x19, 0x96, 0x5b, 0x4a, + 0xdf, 0xfe, 0x35, 0x8b, 0xcf, 0x94, 0x89, 0x3a, 0x20, 0xd2, 0xc0, 0x03, 0xf2, 0x01, 0xe1, 0xe9, + 0x2d, 0x50, 0x64, 0x99, 0x1a, 0xd6, 0x36, 0xdc, 0x55, 0xac, 0x4a, 0x95, 0xb3, 0x97, 0x5f, 0x7e, + 0xff, 0xf9, 0x66, 0xaa, 0x45, 0x9a, 0xda, 0x2b, 0xd3, 0x0d, 0xc3, 0x5f, 0xa5, 0x73, 0x98, 0x8d, + 0xc4, 0x0b, 0xf2, 0x0e, 0xe1, 0x7a, 0x5f, 0x43, 0xb2, 0x3e, 0x09, 0xb5, 0x34, 0x03, 0x16, 0x3d, + 0xed, 0xf6, 0xbc, 0x35, 0xf6, 0x9a, 0x66, 0xba, 0x64, 0xb7, 0x46, 0x31, 0xf5, 0x2d, 0x78, 0x13, + 0xad, 0x92, 0xf7, 0x08, 0xcf, 0x64, 0xce, 0x48, 0x2e, 0x8f, 0xaf, 0x32, 0x70, 0x4f, 0xeb, 0x5e, + 0x95, 0x02, 0x66, 0x69, 0xed, 0x8b, 0x1a, 0xf8, 0x2c, 0x59, 0x1a, 0x01, 0x4c, 0x3e, 0x21, 0x5c, + 0xcb, 0x5d, 0x89, 0xac, 0x8d, 0xc7, 0x2c, 0x79, 0x57, 0xc5, 0xbd, 0x76, 0x34, 0xe6, 0x15, 0x7b, + 0x14, 0xe6, 0xa6, 0x69, 0x62, 0xaf, 0x10, 0xae, 0xe5, 0x3e, 0x34, 0x09, 0xbb, 0xe4, 0x56, 0xd6, + 0x84, 0x51, 0x1e, 0x34, 0xba, 0x18, 0xbe, 0xd5, 0x49, 0xc3, 0xf7, 0x19, 0xe1, 0x05, 0x17, 0x64, + 0x9c, 0x08, 0x0f, 0x32, 0xeb, 0x9a, 0xd4, 0xeb, 0x81, 0xbd, 0x55, 0xdb, 0xeb, 0x2c, 0xad, 0x7d, + 0x5d, 0x33, 0x53, 0x72, 0x75, 0x3c, 0xb3, 0x23, 0x0a, 0xde, 0x75, 0x25, 0x00, 0x6e, 0x6d, 0x7f, + 0x3d, 0x6a, 0xa2, 0x6f, 0x47, 0x4d, 0xf4, 0xe3, 0xa8, 0x89, 0x1e, 0xdf, 0x38, 0xdd, 0x05, 0xc4, + 0x0b, 0x03, 0x88, 0xcc, 0x1b, 0xcf, 0x6e, 0x4d, 0x5f, 0x3b, 0xae, 0xfd, 0x0e, 0x00, 0x00, 0xff, + 0xff, 0x05, 0x4d, 0x64, 0x24, 0x20, 0x09, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -445,6 +558,8 @@ const _ = grpc.SupportPackageIsVersion4 type ApplicationSetServiceClient interface { // Get returns an applicationset by name Get(ctx context.Context, in *ApplicationSetGetQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSet, error) + // Generate generates + Generate(ctx context.Context, in *ApplicationSetGenerateRequest, opts ...grpc.CallOption) (*ApplicationSetGenerateResponse, error) //List returns list of applicationset List(ctx context.Context, in *ApplicationSetListQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetList, error) //Create creates an applicationset @@ -472,6 +587,15 @@ func (c *applicationSetServiceClient) Get(ctx context.Context, in *ApplicationSe return out, nil } +func (c *applicationSetServiceClient) Generate(ctx context.Context, in *ApplicationSetGenerateRequest, opts ...grpc.CallOption) (*ApplicationSetGenerateResponse, error) { + out := new(ApplicationSetGenerateResponse) + err := c.cc.Invoke(ctx, "/applicationset.ApplicationSetService/Generate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *applicationSetServiceClient) List(ctx context.Context, in *ApplicationSetListQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetList, error) { out := new(v1alpha1.ApplicationSetList) err := c.cc.Invoke(ctx, "/applicationset.ApplicationSetService/List", in, out, opts...) @@ -512,6 +636,8 @@ func (c *applicationSetServiceClient) ResourceTree(ctx context.Context, in *Appl type ApplicationSetServiceServer interface { // Get returns an applicationset by name Get(context.Context, *ApplicationSetGetQuery) (*v1alpha1.ApplicationSet, error) + // Generate generates + Generate(context.Context, *ApplicationSetGenerateRequest) (*ApplicationSetGenerateResponse, error) //List returns list of applicationset List(context.Context, *ApplicationSetListQuery) (*v1alpha1.ApplicationSetList, error) //Create creates an applicationset @@ -529,6 +655,9 @@ type UnimplementedApplicationSetServiceServer struct { func (*UnimplementedApplicationSetServiceServer) Get(ctx context.Context, req *ApplicationSetGetQuery) (*v1alpha1.ApplicationSet, error) { return nil, status.Errorf(codes.Unimplemented, "method Get not implemented") } +func (*UnimplementedApplicationSetServiceServer) Generate(ctx context.Context, req *ApplicationSetGenerateRequest) (*ApplicationSetGenerateResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Generate not implemented") +} func (*UnimplementedApplicationSetServiceServer) List(ctx context.Context, req *ApplicationSetListQuery) (*v1alpha1.ApplicationSetList, error) { return nil, status.Errorf(codes.Unimplemented, "method List not implemented") } @@ -564,6 +693,24 @@ func _ApplicationSetService_Get_Handler(srv interface{}, ctx context.Context, de return interceptor(ctx, in, info, handler) } +func _ApplicationSetService_Generate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ApplicationSetGenerateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ApplicationSetServiceServer).Generate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/applicationset.ApplicationSetService/Generate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ApplicationSetServiceServer).Generate(ctx, req.(*ApplicationSetGenerateRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _ApplicationSetService_List_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(ApplicationSetListQuery) if err := dec(in); err != nil { @@ -644,6 +791,10 @@ var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ MethodName: "Get", Handler: _ApplicationSetService_Get_Handler, }, + { + MethodName: "Generate", + Handler: _ApplicationSetService_Generate_Handler, + }, { MethodName: "List", Handler: _ApplicationSetService_List_Handler, @@ -826,6 +977,16 @@ func (m *ApplicationSetCreateRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.DryRun { + i-- + if m.DryRun { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } if m.Upsert { i-- if m.Upsert { @@ -933,6 +1094,86 @@ func (m *ApplicationSetTreeQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } +func (m *ApplicationSetGenerateRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ApplicationSetGenerateRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ApplicationSetGenerateRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.ApplicationSet != nil { + { + size, err := m.ApplicationSet.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintApplicationset(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *ApplicationSetGenerateResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ApplicationSetGenerateResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ApplicationSetGenerateResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Applications) > 0 { + for iNdEx := len(m.Applications) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Applications[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintApplicationset(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func encodeVarintApplicationset(dAtA []byte, offset int, v uint64) int { offset -= sovApplicationset(v) base := offset @@ -1023,6 +1264,9 @@ func (m *ApplicationSetCreateRequest) Size() (n int) { if m.Upsert { n += 2 } + if m.DryRun { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -1069,6 +1313,40 @@ func (m *ApplicationSetTreeQuery) Size() (n int) { return n } +func (m *ApplicationSetGenerateRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.ApplicationSet != nil { + l = m.ApplicationSet.Size() + n += 1 + l + sovApplicationset(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ApplicationSetGenerateResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Applications) > 0 { + for _, e := range m.Applications { + l = e.Size() + n += 1 + l + sovApplicationset(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func sovApplicationset(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -1541,6 +1819,26 @@ func (m *ApplicationSetCreateRequest) Unmarshal(dAtA []byte) error { } } m.Upsert = bool(v != 0) + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field DryRun", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.DryRun = bool(v != 0) default: iNdEx = preIndex skippy, err := skipApplicationset(dAtA[iNdEx:]) @@ -1793,6 +2091,178 @@ func (m *ApplicationSetTreeQuery) Unmarshal(dAtA []byte) error { } return nil } +func (m *ApplicationSetGenerateRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationSetGenerateRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationSetGenerateRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ApplicationSet", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthApplicationset + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthApplicationset + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ApplicationSet == nil { + m.ApplicationSet = &v1alpha1.ApplicationSet{} + } + if err := m.ApplicationSet.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipApplicationset(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthApplicationset + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ApplicationSetGenerateResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationSetGenerateResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationSetGenerateResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Applications", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthApplicationset + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthApplicationset + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Applications = append(m.Applications, &v1alpha1.Application{}) + if err := m.Applications[len(m.Applications)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipApplicationset(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthApplicationset + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipApplicationset(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apiclient/applicationset/applicationset.pb.gw.go b/pkg/apiclient/applicationset/applicationset.pb.gw.go index daad3043c52ca..5a85818bfb3eb 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.gw.go +++ b/pkg/apiclient/applicationset/applicationset.pb.gw.go @@ -105,6 +105,40 @@ func local_request_ApplicationSetService_Get_0(ctx context.Context, marshaler ru } +func request_ApplicationSetService_Generate_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationSetServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ApplicationSetGenerateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.Generate(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_ApplicationSetService_Generate_0(ctx context.Context, marshaler runtime.Marshaler, server ApplicationSetServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ApplicationSetGenerateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.Generate(ctx, &protoReq) + return msg, metadata, err + +} + var ( filter_ApplicationSetService_List_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} ) @@ -366,6 +400,29 @@ func RegisterApplicationSetServiceHandlerServer(ctx context.Context, mux *runtim }) + mux.Handle("POST", pattern_ApplicationSetService_Generate_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_ApplicationSetService_Generate_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_ApplicationSetService_Generate_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("GET", pattern_ApplicationSetService_List_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -519,6 +576,26 @@ func RegisterApplicationSetServiceHandlerClient(ctx context.Context, mux *runtim }) + mux.Handle("POST", pattern_ApplicationSetService_Generate_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_ApplicationSetService_Generate_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_ApplicationSetService_Generate_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("GET", pattern_ApplicationSetService_List_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -605,6 +682,8 @@ func RegisterApplicationSetServiceHandlerClient(ctx context.Context, mux *runtim var ( pattern_ApplicationSetService_Get_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "applicationsets", "name"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_ApplicationSetService_Generate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "applicationsets", "generate"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_ApplicationSetService_List_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "applicationsets"}, "", runtime.AssumeColonVerbOpt(true))) pattern_ApplicationSetService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "applicationsets"}, "", runtime.AssumeColonVerbOpt(true))) @@ -617,6 +696,8 @@ var ( var ( forward_ApplicationSetService_Get_0 = runtime.ForwardResponseMessage + forward_ApplicationSetService_Generate_0 = runtime.ForwardResponseMessage + forward_ApplicationSetService_List_0 = runtime.ForwardResponseMessage forward_ApplicationSetService_Create_0 = runtime.ForwardResponseMessage diff --git a/pkg/apiclient/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go b/pkg/apiclient/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go new file mode 100644 index 0000000000000..c50d8d217e77e --- /dev/null +++ b/pkg/apiclient/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go @@ -0,0 +1,180 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + codecommit "github.com/aws/aws-sdk-go/service/codecommit" + + mock "github.com/stretchr/testify/mock" + + request "github.com/aws/aws-sdk-go/aws/request" +) + +// AWSCodeCommitClient is an autogenerated mock type for the AWSCodeCommitClient type +type AWSCodeCommitClient struct { + mock.Mock +} + +// GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetFolderWithContext") + } + + var r0 *codecommit.GetFolderOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) *codecommit.GetFolderOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetFolderOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithContext") + } + + var r0 *codecommit.GetRepositoryOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) *codecommit.GetRepositoryOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.GetRepositoryOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListBranchesWithContext") + } + + var r0 *codecommit.ListBranchesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) *codecommit.ListBranchesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListBranchesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for ListRepositoriesWithContext") + } + + var r0 *codecommit.ListRepositoriesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) *codecommit.ListRepositoriesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*codecommit.ListRepositoriesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSCodeCommitClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSCodeCommitClient { + mock := &AWSCodeCommitClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/pkg/apiclient/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go b/pkg/apiclient/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go new file mode 100644 index 0000000000000..b5e9112df0511 --- /dev/null +++ b/pkg/apiclient/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go @@ -0,0 +1,68 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + request "github.com/aws/aws-sdk-go/aws/request" + mock "github.com/stretchr/testify/mock" + + resourcegroupstaggingapi "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" +) + +// AWSTaggingClient is an autogenerated mock type for the AWSTaggingClient type +type AWSTaggingClient struct { + mock.Mock +} + +// GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2 +func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) { + _va := make([]interface{}, len(_a2)) + for _i := range _a2 { + _va[_i] = _a2[_i] + } + var _ca []interface{} + _ca = append(_ca, _a0, _a1) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetResourcesWithContext") + } + + var r0 *resourcegroupstaggingapi.GetResourcesOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok { + return rf(_a0, _a1, _a2...) + } + if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) *resourcegroupstaggingapi.GetResourcesOutput); ok { + r0 = rf(_a0, _a1, _a2...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*resourcegroupstaggingapi.GetResourcesOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) error); ok { + r1 = rf(_a0, _a1, _a2...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewAWSTaggingClient(t interface { + mock.TestingT + Cleanup(func()) +}) *AWSTaggingClient { + mock := &AWSTaggingClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/pkg/apiclient/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go b/pkg/apiclient/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go new file mode 100644 index 0000000000000..902859672cd0e --- /dev/null +++ b/pkg/apiclient/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go @@ -0,0 +1,3335 @@ +// Code generated by mockery v2.40.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + core "github.com/microsoft/azure-devops-go-api/azuredevops/core" + git "github.com/microsoft/azure-devops-go-api/azuredevops/git" + + io "io" + + mock "github.com/stretchr/testify/mock" + + webapi "github.com/microsoft/azure-devops-go-api/azuredevops/webapi" +) + +// Client is an autogenerated mock type for the Client type +type Client struct { + mock.Mock +} + +// CreateAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachmentArgs) (*git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateAttachment") + } + + var r0 *git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) (*git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) *git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateAttachmentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateCommitStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitStatusArgs) (*git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateCommitStatus") + } + + var r0 *git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) (*git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) *git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommitStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// CreateMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreatePush provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreatePush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreatePushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for CreateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.CreateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeleteAttachment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachmentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteAttachment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteAttachmentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteComment") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteCommentArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteLike provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteLike") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteLikeArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git.DeletePullRequestIterationStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestIterationStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestIterationStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePullRequestLabelsArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestLabels") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestLabelsArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeletePullRequestReviewerArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestReviewer") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestReviewerArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeletePullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePullRequestStatusArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestStatus") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestStatusArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavoriteArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRefFavorite") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRefFavoriteArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepositoryArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepository") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.DeleteRepositoryFromRecycleBinArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for DeleteRepositoryFromRecycleBin") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryFromRecycleBinArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// GetAnnotatedTag provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAnnotatedTag") + } + + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) *git.GitAnnotatedTag); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitAnnotatedTag) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAnnotatedTagArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmentContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachmentZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachmentZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetAttachments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs) (*[]git.Attachment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetAttachments") + } + + var r0 *[]git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) (*[]git.Attachment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) *[]git.Attachment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Attachment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlob provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlobRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlob") + } + + var r0 *git.GitBlobRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) (*git.GitBlobRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) *git.GitBlobRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBlobRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBlobsZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBlobsZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobsZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranch") + } + + var r0 *git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) (*git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) *git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetBranches provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[]git.GitBranchStats, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetBranches") + } + + var r0 *[]git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) (*[]git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) *[]git.GitBranchStats); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitBranchStats) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git.GitCommitChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetChanges") + } + + var r0 *git.GitCommitChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) (*git.GitCommitChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) *git.GitCommitChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPick provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPick") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCherryPickForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCherryPickForRefName") + } + + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) *git.GitCherryPick); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCherryPick) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetComments provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[]git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetComments") + } + + var r0 *[]git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) (*[]git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) *[]git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommit provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.GitCommit, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommit") + } + + var r0 *git.GitCommit + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) (*git.GitCommit, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) *git.GitCommit); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommit) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitDiffs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitDiffs") + } + + var r0 *git.GitCommitDiffs + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) *git.GitCommitDiffs); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitCommitDiffs) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitDiffsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetCommitsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetCommitsBatch") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetDeletedRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetDeletedRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetDeletedRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequest") + } + + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) *git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForkSyncRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequests") + } + + var r0 *[]git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) *[]git.GitForkSyncRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitForkSyncRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetForks provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.GitRepositoryRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetForks") + } + + var r0 *[]git.GitRepositoryRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) (*[]git.GitRepositoryRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) *[]git.GitRepositoryRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepositoryRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetForksArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItem provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItem") + } + + var r0 *git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) (*git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) *git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemContent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemContent") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemContentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemText provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemText") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemTextArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItems provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItems") + } + + var r0 *[]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) (*[]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) *[]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetItemsBatch provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) (*[][]git.GitItem, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetItemsBatch") + } + + var r0 *[][]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) (*[][]git.GitItem, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) *[][]git.GitItem); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[][]git.GitItem) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsBatchArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetLikes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi.IdentityRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetLikes") + } + + var r0 *[]webapi.IdentityRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) (*[]webapi.IdentityRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) *[]webapi.IdentityRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.IdentityRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetLikesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeBases provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeBases") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeBasesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetMergeRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestArgs) (*git.GitMerge, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetMergeRequest") + } + + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) *git.GitMerge); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitMerge) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPolicyConfigurations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPolicyConfigurations") + } + + var r0 *git.GitPolicyConfigurationResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) *git.GitPolicyConfigurationResponse); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPolicyConfigurationResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPolicyConfigurationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestById provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequestByIdArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestById") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestByIdArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestCommits") + } + + var r0 *git.GetPullRequestCommitsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) *git.GetPullRequestCommitsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetPullRequestCommitsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIteration provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIteration") + } + + var r0 *git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) *git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationChanges provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationChanges") + } + + var r0 *git.GitPullRequestIterationChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) *git.GitPullRequestIterationChanges); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestIterationChanges) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationChangesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestIterations provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterations") + } + + var r0 *[]git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) *[]git.GitPullRequestIteration); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestIteration) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabel provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabel") + } + + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) *core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestLabels provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabels") + } + + var r0 *[]core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) *[]core.WebApiTagDefinition); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]core.WebApiTagDefinition) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestQuery provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestQuery") + } + + var r0 *git.GitPullRequestQuery + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) *git.GitPullRequestQuery); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestQuery) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestQueryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewer provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewer") + } + + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) *git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewerArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewers") + } + + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.IdentityRefWithVote) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewersArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatus provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatus") + } + + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) *git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatuses") + } + + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) *[]git.GitPullRequestStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestWorkItemRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestWorkItemRefs") + } + + var r0 *[]webapi.ResourceRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) *[]webapi.ResourceRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]webapi.ResourceRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequests") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPullRequestsByProject provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPullRequestsByProject") + } + + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) *[]git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsByProjectArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPush provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPush") + } + + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) *git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushCommits provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs) (*[]git.GitCommitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushCommits") + } + + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) *[]git.GitCommitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitCommitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushCommitsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetPushes provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git.GitPush, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetPushes") + } + + var r0 *[]git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) (*[]git.GitPush, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) *[]git.GitPush); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPush) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetPushesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRecycleBinRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRecycleBinRepositories") + } + + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) *[]git.GitDeletedRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitDeletedRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRecycleBinRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorite provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs) (*git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorite") + } + + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) *git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoriteArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefFavorites provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefFavorites") + } + + var r0 *[]git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) *[]git.GitRefFavorite); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefFavorite) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoritesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRefsResponseValue, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRefs") + } + + var r0 *git.GetRefsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) (*git.GetRefsResponseValue, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) *git.GetRefsResponseValue); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GetRefsResponseValue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositories provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesArgs) (*[]git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositories") + } + + var r0 *[]git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) (*[]git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) *[]git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoriesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRepositoryWithParent provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetRepositoryWithParentArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithParent") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryWithParentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevert provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevert") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetRevertForRefName provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForRefNameArgs) (*git.GitRevert, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetRevertForRefName") + } + + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) *git.GitRevert); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRevert) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertForRefNameArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[]git.GitStatus, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetStatuses") + } + + var r0 *[]git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) (*[]git.GitStatus, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) *[]git.GitStatus); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitStatus) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetStatusesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetSuggestions provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs) (*[]git.GitSuggestion, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetSuggestions") + } + + var r0 *[]git.GitSuggestion + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) (*[]git.GitSuggestion, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) *[]git.GitSuggestion); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitSuggestion) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetSuggestionsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetThreads provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetThreads") + } + + var r0 *[]git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) *[]git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetThreadsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTree provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTreeRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTree") + } + + var r0 *git.GitTreeRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) (*git.GitTreeRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) *git.GitTreeRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitTreeRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetTreeZip provides a mock function with given fields: _a0, _a1 +func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.ReadCloser, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetTreeZip") + } + + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) io.ReadCloser); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.ReadCloser) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeZipArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// QueryImportRequests provides a mock function with given fields: _a0, _a1 +func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for QueryImportRequests") + } + + var r0 *[]git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) *[]git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.QueryImportRequestsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// RestoreRepositoryFromRecycleBin provides a mock function with given fields: _a0, _a1 +func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for RestoreRepositoryFromRecycleBin") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// SharePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequestArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for SharePullRequest") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.SharePullRequestArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateComment provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) (*git.Comment, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateComment") + } + + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) *git.Comment); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.Comment) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateCommentArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateImportRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportRequestArgs) (*git.GitImportRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateImportRequest") + } + + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) *git.GitImportRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitImportRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateImportRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequest provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullRequestArgs) (*git.GitPullRequest, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequest") + } + + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) *git.GitPullRequest); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequest) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestIterationStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 git.UpdatePullRequestIterationStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestIterationStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestIterationStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestProperties provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.UpdatePullRequestPropertiesArgs) (interface{}, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestProperties") + } + + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) interface{}); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(interface{}) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestPropertiesArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdatePullRequestReviewers provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.UpdatePullRequestReviewersArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestReviewers") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestReviewersArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdatePullRequestStatuses provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdatePullRequestStatusesArgs) error { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestStatuses") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestStatusesArgs) error); ok { + r0 = rf(_a0, _a1) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// UpdateRef provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.GitRef, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRef") + } + + var r0 *git.GitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) (*git.GitRef, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) *git.GitRef); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRef) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRefs provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRefs") + } + + var r0 *[]git.GitRefUpdateResult + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) *[]git.GitRefUpdateResult); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*[]git.GitRefUpdateResult) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefsArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateRepository provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepositoryArgs) (*git.GitRepository, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateRepository") + } + + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) *git.GitRepository); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitRepository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRepositoryArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateThread provides a mock function with given fields: _a0, _a1 +func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for UpdateThread") + } + + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) *git.GitPullRequestCommentThread); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*git.GitPullRequestCommentThread) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, git.UpdateThreadArgs) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClient(t interface { + mock.TestingT + Cleanup(func()) +}) *Client { + mock := &Client{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/pkg/apiclient/cluster/mocks/ClusterServiceServer.go b/pkg/apiclient/cluster/mocks/ClusterServiceServer.go index ae63bfae8810b..27e33721be747 100644 --- a/pkg/apiclient/cluster/mocks/ClusterServiceServer.go +++ b/pkg/apiclient/cluster/mocks/ClusterServiceServer.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.40.2. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/pkg/apiclient/session/mocks/SessionServiceClient.go b/pkg/apiclient/session/mocks/SessionServiceClient.go index 91f0e45c25899..9505a424619d9 100644 --- a/pkg/apiclient/session/mocks/SessionServiceClient.go +++ b/pkg/apiclient/session/mocks/SessionServiceClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.40.2. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/pkg/apiclient/session/mocks/SessionServiceServer.go b/pkg/apiclient/session/mocks/SessionServiceServer.go index 46d8a6d322ce7..710176a62ed23 100644 --- a/pkg/apiclient/session/mocks/SessionServiceServer.go +++ b/pkg/apiclient/session/mocks/SessionServiceServer.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.40.2. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/pkg/apiclient/settings/settings.pb.go b/pkg/apiclient/settings/settings.pb.go index b74110f9005d7..202228f7ef6f1 100644 --- a/pkg/apiclient/settings/settings.pb.go +++ b/pkg/apiclient/settings/settings.pb.go @@ -101,6 +101,8 @@ type Settings struct { ExecEnabled bool `protobuf:"varint,22,opt,name=execEnabled,proto3" json:"execEnabled,omitempty"` ControllerNamespace string `protobuf:"bytes,23,opt,name=controllerNamespace,proto3" json:"controllerNamespace,omitempty"` AppsInAnyNamespaceEnabled bool `protobuf:"varint,24,opt,name=appsInAnyNamespaceEnabled,proto3" json:"appsInAnyNamespaceEnabled,omitempty"` + ImpersonationEnabled bool `protobuf:"varint,25,opt,name=impersonationEnabled,proto3" json:"impersonationEnabled,omitempty"` + InstallationID string `protobuf:"bytes,26,opt,name=installationID,proto3" json:"installationID,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -307,6 +309,20 @@ func (m *Settings) GetAppsInAnyNamespaceEnabled() bool { return false } +func (m *Settings) GetImpersonationEnabled() bool { + if m != nil { + return m.ImpersonationEnabled + } + return false +} + +func (m *Settings) GetInstallationID() string { + if m != nil { + return m.InstallationID + } + return "" +} + type GoogleAnalyticsConfig struct { TrackingID string `protobuf:"bytes,1,opt,name=trackingID,proto3" json:"trackingID,omitempty"` AnonymizeUsers bool `protobuf:"varint,2,opt,name=anonymizeUsers,proto3" json:"anonymizeUsers,omitempty"` @@ -740,83 +756,86 @@ func init() { func init() { proto.RegisterFile("server/settings/settings.proto", fileDescriptor_a480d494da040caa) } var fileDescriptor_a480d494da040caa = []byte{ - // 1215 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0x4f, 0x6f, 0x1b, 0x45, - 0x14, 0xd7, 0xd6, 0x69, 0x62, 0x3f, 0x37, 0x75, 0x32, 0x6d, 0xd3, 0xad, 0x55, 0x12, 0xe3, 0x43, - 0x65, 0x10, 0xac, 0x9b, 0x54, 0x08, 0x54, 0x51, 0x41, 0x6d, 0x57, 0xad, 0x69, 0xda, 0x86, 0x69, - 0xd3, 0x03, 0x97, 0x6a, 0xb2, 0x7e, 0xac, 0x97, 0xac, 0x67, 0x56, 0x33, 0xb3, 0xa6, 0xee, 0x91, - 0x0f, 0xc0, 0x05, 0x3e, 0x0b, 0x07, 0xee, 0x08, 0x8e, 0x48, 0xdc, 0x23, 0x64, 0xf1, 0x41, 0xd0, - 0xce, 0xfe, 0xc9, 0x66, 0xed, 0x14, 0xa4, 0xde, 0x66, 0x7e, 0xbf, 0xf7, 0x6f, 0xde, 0xbc, 0x37, - 0xf3, 0x60, 0x5b, 0xa1, 0x9c, 0xa2, 0xec, 0x2a, 0xd4, 0xda, 0xe7, 0x9e, 0xca, 0x17, 0x4e, 0x28, - 0x85, 0x16, 0x64, 0xcd, 0x0d, 0x22, 0xa5, 0x51, 0x36, 0xaf, 0x7a, 0xc2, 0x13, 0x06, 0xeb, 0xc6, - 0xab, 0x84, 0x6e, 0xde, 0xf4, 0x84, 0xf0, 0x02, 0xec, 0xb2, 0xd0, 0xef, 0x32, 0xce, 0x85, 0x66, - 0xda, 0x17, 0x3c, 0x55, 0x6e, 0xee, 0x7b, 0xbe, 0x1e, 0x47, 0x47, 0x8e, 0x2b, 0x26, 0x5d, 0x26, - 0x8d, 0xfa, 0x77, 0x66, 0xf1, 0xb1, 0x3b, 0xea, 0x4e, 0xf7, 0xba, 0xe1, 0xb1, 0x17, 0x6b, 0xaa, - 0x2e, 0x0b, 0xc3, 0xc0, 0x77, 0x8d, 0x6e, 0x77, 0xba, 0xcb, 0x82, 0x70, 0xcc, 0x76, 0xbb, 0x1e, - 0x72, 0x94, 0x4c, 0xe3, 0x28, 0xb5, 0xf6, 0xe5, 0x7f, 0x58, 0x2b, 0x9f, 0x44, 0xf8, 0x23, 0xb7, - 0xeb, 0x06, 0xcc, 0x9f, 0xa4, 0xf1, 0xb4, 0x1b, 0xb0, 0xfe, 0x3c, 0x65, 0xbf, 0x8e, 0x50, 0xce, - 0xda, 0xbf, 0xd4, 0xa1, 0x9a, 0x21, 0xe4, 0x06, 0x54, 0x22, 0x19, 0xd8, 0x56, 0xcb, 0xea, 0xd4, - 0x7a, 0x6b, 0xf3, 0x93, 0x9d, 0xca, 0x21, 0xdd, 0xa7, 0x31, 0x46, 0x6e, 0x43, 0x6d, 0x84, 0xaf, - 0xfb, 0x82, 0x7f, 0xeb, 0x7b, 0xf6, 0x85, 0x96, 0xd5, 0xa9, 0xef, 0x11, 0x27, 0xcd, 0x8c, 0x33, - 0xc8, 0x18, 0x7a, 0x2a, 0x44, 0xfa, 0x00, 0xb1, 0xff, 0x54, 0xa5, 0x62, 0x54, 0xae, 0xe4, 0x2a, - 0xcf, 0x86, 0x83, 0x7e, 0x42, 0xf5, 0x2e, 0xcf, 0x4f, 0x76, 0xe0, 0x74, 0x4f, 0x0b, 0x6a, 0xa4, - 0x05, 0x75, 0x16, 0x86, 0xfb, 0xec, 0x08, 0x83, 0xc7, 0x38, 0xb3, 0x57, 0xe2, 0xc8, 0x68, 0x11, - 0x22, 0x2f, 0x61, 0x53, 0xa2, 0x12, 0x91, 0x74, 0xf1, 0xd9, 0x14, 0xa5, 0xf4, 0x47, 0xa8, 0xec, - 0x8b, 0xad, 0x4a, 0xa7, 0xbe, 0xd7, 0xc9, 0xbd, 0x65, 0x27, 0x74, 0x68, 0x59, 0xf4, 0x01, 0xd7, - 0x72, 0x46, 0x17, 0x4d, 0x10, 0x07, 0x88, 0xd2, 0x4c, 0x47, 0xaa, 0xc7, 0x46, 0x1e, 0x3e, 0xe0, - 0xec, 0x28, 0xc0, 0x91, 0xbd, 0xda, 0xb2, 0x3a, 0x55, 0xba, 0x84, 0x21, 0x8f, 0xa0, 0x91, 0x54, - 0xc2, 0x7d, 0xce, 0x82, 0x99, 0xf6, 0x5d, 0x65, 0xaf, 0x99, 0x33, 0x6f, 0xe7, 0x51, 0x3c, 0x3c, - 0xcb, 0xa7, 0xc7, 0x2d, 0xab, 0x91, 0x37, 0xb0, 0x71, 0x1c, 0x29, 0x2d, 0x26, 0xfe, 0x1b, 0x7c, - 0x16, 0x9a, 0x6a, 0xb2, 0xab, 0xc6, 0xd4, 0x53, 0xe7, 0xb4, 0x00, 0x9c, 0xac, 0x00, 0xcc, 0xe2, - 0x95, 0x3b, 0x72, 0xa6, 0x7b, 0x4e, 0x78, 0xec, 0x39, 0x71, 0x39, 0x39, 0x85, 0x72, 0x72, 0xb2, - 0x72, 0x72, 0x1e, 0x97, 0xac, 0xd2, 0x05, 0x3f, 0xe4, 0x7d, 0x58, 0x19, 0x63, 0x10, 0xda, 0x35, - 0xe3, 0x6f, 0x3d, 0x0f, 0xfd, 0x11, 0x06, 0x21, 0x35, 0x14, 0xf9, 0x00, 0xd6, 0xc2, 0x20, 0xf2, - 0x7c, 0xae, 0x6c, 0x30, 0x69, 0x6e, 0xe4, 0x52, 0x07, 0x06, 0xa7, 0x19, 0x1f, 0xe7, 0x30, 0x52, - 0x28, 0xf7, 0x45, 0xbc, 0x1b, 0xf8, 0x2a, 0xc9, 0x61, 0x3d, 0xc9, 0xe1, 0x22, 0x43, 0x7e, 0xb4, - 0xe0, 0xba, 0x6b, 0xb2, 0xf2, 0x84, 0x71, 0xe6, 0xe1, 0x04, 0xb9, 0x3e, 0x48, 0x7d, 0x5d, 0x32, - 0xbe, 0x5e, 0xbc, 0x5b, 0x06, 0xfa, 0x4b, 0x8d, 0xd3, 0xf3, 0x9c, 0x92, 0x8f, 0x60, 0x33, 0x4f, - 0xd1, 0x4b, 0x94, 0xca, 0xdc, 0xc5, 0x7a, 0xab, 0xd2, 0xa9, 0xd1, 0x45, 0x82, 0x34, 0xa1, 0x1a, - 0xf9, 0x7d, 0xa5, 0x0e, 0xe9, 0xbe, 0x7d, 0xd9, 0x54, 0x6a, 0xbe, 0x27, 0x1d, 0x68, 0x44, 0x7e, - 0x8f, 0x71, 0x8e, 0xb2, 0x2f, 0xb8, 0x46, 0xae, 0xed, 0x86, 0x11, 0x29, 0xc3, 0x71, 0xc9, 0x67, - 0x50, 0x6c, 0x68, 0x23, 0x29, 0xf9, 0x02, 0x14, 0xdb, 0x0a, 0x99, 0x52, 0xdf, 0x0b, 0x39, 0x3a, - 0x60, 0x5a, 0xa3, 0xe4, 0xf6, 0x66, 0x62, 0xab, 0x04, 0x93, 0x5b, 0x70, 0x59, 0x4b, 0xe6, 0x1e, - 0xfb, 0xdc, 0x7b, 0x82, 0x7a, 0x2c, 0x46, 0x36, 0x31, 0x82, 0x25, 0x34, 0x3e, 0x67, 0xe6, 0xe0, - 0x00, 0xe5, 0x84, 0xf1, 0x38, 0xbe, 0x2b, 0xe6, 0x9e, 0x16, 0x09, 0xf2, 0x21, 0x6c, 0xe4, 0xa0, - 0x50, 0x7e, 0x9c, 0x62, 0xfb, 0xaa, 0xb1, 0xbb, 0x80, 0x97, 0xda, 0x88, 0x0a, 0xa1, 0x0f, 0x65, - 0x60, 0x5f, 0x33, 0xd2, 0x4b, 0x98, 0xf8, 0xf4, 0xf8, 0x1a, 0xdd, 0xac, 0xdf, 0xb6, 0x4c, 0x0c, - 0x45, 0x88, 0xdc, 0x86, 0x2b, 0xae, 0xe0, 0x5a, 0x8a, 0x20, 0x40, 0xf9, 0x94, 0x4d, 0x50, 0x85, - 0xcc, 0x45, 0xfb, 0xba, 0x31, 0xb9, 0x8c, 0x22, 0x9f, 0xc3, 0x0d, 0x16, 0x86, 0x6a, 0xc8, 0xef, - 0xf3, 0x59, 0x8e, 0x66, 0x1e, 0x6c, 0xe3, 0xe1, 0x7c, 0x81, 0xe6, 0xcf, 0x16, 0x6c, 0x2d, 0x7f, - 0x36, 0xc8, 0x06, 0x54, 0x8e, 0x71, 0x96, 0xbc, 0x97, 0x34, 0x5e, 0x92, 0x11, 0x5c, 0x9c, 0xb2, - 0x20, 0xc2, 0xf4, 0x89, 0x7c, 0xc7, 0x86, 0x2d, 0xbb, 0xa5, 0x89, 0xf1, 0xbb, 0x17, 0x3e, 0xb3, - 0xda, 0xaf, 0xe0, 0xda, 0xd2, 0xf7, 0x84, 0x6c, 0x03, 0x64, 0xb7, 0x3b, 0x1c, 0xa4, 0xb1, 0x15, - 0x90, 0xb8, 0x26, 0x18, 0x17, 0x7c, 0x16, 0x97, 0xee, 0xa1, 0x42, 0xa9, 0x4c, 0xac, 0x55, 0x5a, - 0x42, 0xdb, 0x03, 0xb8, 0x9e, 0x3d, 0x9b, 0x69, 0x3b, 0x50, 0x54, 0xa1, 0xe0, 0x0a, 0x8b, 0x4f, - 0x80, 0xf5, 0xf6, 0x27, 0xa0, 0xfd, 0xab, 0x05, 0x2b, 0xf1, 0xe3, 0x41, 0x6c, 0x58, 0x73, 0xc7, - 0xcc, 0xdc, 0x7e, 0x12, 0x53, 0xb6, 0x8d, 0xdb, 0x26, 0x5e, 0xbe, 0xc0, 0xd7, 0xda, 0x84, 0x52, - 0xa3, 0xf9, 0x9e, 0xdc, 0x03, 0x38, 0xf2, 0x39, 0x93, 0xb3, 0x43, 0x19, 0x28, 0xbb, 0x62, 0x9c, - 0xbd, 0x77, 0xe6, 0x55, 0x72, 0x7a, 0x39, 0x9f, 0xbc, 0xe5, 0x05, 0x85, 0xe6, 0x3d, 0x68, 0x94, - 0xe8, 0x25, 0x77, 0x76, 0xb5, 0x78, 0x67, 0xb5, 0x62, 0x8e, 0x6f, 0xc2, 0x6a, 0x72, 0x1e, 0x42, - 0x60, 0x85, 0xb3, 0x09, 0xa6, 0x6a, 0x66, 0xdd, 0xfe, 0x02, 0x6a, 0xf9, 0xc7, 0x47, 0xf6, 0x00, - 0x5c, 0xc1, 0x39, 0xba, 0x5a, 0xc8, 0x2c, 0x2b, 0xa7, 0x1f, 0x64, 0x3f, 0xa3, 0x68, 0x41, 0xaa, - 0x7d, 0x07, 0x6a, 0x39, 0xb1, 0xcc, 0x43, 0x8c, 0xe9, 0x59, 0x98, 0x05, 0x66, 0xd6, 0xed, 0xdf, - 0x2a, 0x50, 0xf8, 0x2c, 0x97, 0xaa, 0x6d, 0xc1, 0xaa, 0xaf, 0x54, 0x84, 0x32, 0x55, 0x4c, 0x77, - 0xa4, 0x03, 0x55, 0x37, 0xf0, 0x91, 0xeb, 0xe1, 0xc0, 0xfc, 0xc7, 0xb5, 0xde, 0xa5, 0xf9, 0xc9, - 0x4e, 0xb5, 0x9f, 0x62, 0x34, 0x67, 0xc9, 0x2e, 0xd4, 0xdd, 0xc0, 0xcf, 0x88, 0xe4, 0xdb, 0xed, - 0x35, 0xe6, 0x27, 0x3b, 0xf5, 0xfe, 0xfe, 0x30, 0x97, 0x2f, 0xca, 0xc4, 0x4e, 0x95, 0x2b, 0xc2, - 0xf4, 0xf3, 0xad, 0xd1, 0x74, 0x47, 0x5e, 0xc1, 0xba, 0x3f, 0x7a, 0x21, 0x8e, 0x91, 0xf7, 0xcd, - 0x20, 0x62, 0xaf, 0x9a, 0xdc, 0xdc, 0x5a, 0x32, 0x09, 0x38, 0xc3, 0xa2, 0xa0, 0xb9, 0xae, 0xde, - 0xe6, 0xfc, 0x64, 0x67, 0x7d, 0x38, 0x28, 0xe0, 0xf4, 0xac, 0x3d, 0x72, 0x17, 0x6c, 0x34, 0xad, - 0x7a, 0xf0, 0xb8, 0xff, 0xe0, 0x7e, 0xa4, 0xc7, 0xc8, 0x75, 0xda, 0x49, 0xe6, 0x07, 0xae, 0xd2, - 0x73, 0xf9, 0xe6, 0x0c, 0xc8, 0xa2, 0xcf, 0x25, 0x25, 0xf2, 0xe4, 0x6c, 0x5b, 0x7f, 0xfa, 0xd6, - 0xb6, 0x4e, 0xa6, 0x30, 0x27, 0x1f, 0x23, 0xe3, 0x71, 0xc6, 0x31, 0xf6, 0x0b, 0xb5, 0xb5, 0xf7, - 0xbb, 0x05, 0x8d, 0xac, 0xbf, 0x9e, 0xa3, 0x9c, 0xfa, 0x2e, 0x92, 0xaf, 0xa0, 0xf2, 0x10, 0x35, - 0xd9, 0x5a, 0x98, 0x5b, 0xcc, 0xac, 0xd6, 0xdc, 0x5c, 0xc0, 0xdb, 0xf6, 0x0f, 0x7f, 0xfd, 0xf3, - 0xd3, 0x05, 0x42, 0x36, 0xcc, 0xfc, 0x39, 0xdd, 0xcd, 0x67, 0x3f, 0x32, 0x06, 0x78, 0x88, 0xf9, - 0x47, 0x76, 0x9e, 0xc9, 0xd6, 0x02, 0x5e, 0xea, 0xf5, 0x76, 0xcb, 0x78, 0x68, 0x12, 0xbb, 0xec, - 0xa1, 0x9b, 0xb6, 0x78, 0xaf, 0xff, 0xc7, 0x7c, 0xdb, 0xfa, 0x73, 0xbe, 0x6d, 0xfd, 0x3d, 0xdf, - 0xb6, 0xbe, 0xf9, 0xe4, 0xff, 0x4d, 0xbc, 0x49, 0xa9, 0xe5, 0xc6, 0x8e, 0x56, 0xcd, 0x7c, 0x7a, - 0xe7, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf1, 0x4f, 0xb0, 0x2d, 0x8e, 0x0b, 0x00, 0x00, + // 1249 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0x4f, 0x6f, 0x1b, 0xb7, + 0x12, 0xc7, 0x46, 0x8e, 0x2d, 0x8d, 0xe3, 0xc8, 0x66, 0x1c, 0x67, 0x23, 0xe4, 0xd9, 0x7a, 0x3a, + 0x04, 0x7a, 0x0f, 0xed, 0x2a, 0x56, 0x50, 0xb4, 0x08, 0x1a, 0xb4, 0x91, 0x14, 0x24, 0x6a, 0x9c, + 0xc4, 0xdd, 0xc4, 0x39, 0xf4, 0x12, 0xd0, 0xab, 0xe9, 0x6a, 0xeb, 0x15, 0xb9, 0x20, 0xb9, 0x6a, + 0x94, 0x63, 0x3f, 0x40, 0x0f, 0x6d, 0x3f, 0x4d, 0xef, 0x45, 0x7b, 0x2c, 0xd0, 0xbb, 0x51, 0x08, + 0xfd, 0x20, 0x05, 0xb9, 0x7f, 0xbc, 0x5e, 0xc9, 0x69, 0x81, 0xdc, 0xc8, 0xdf, 0x6f, 0xfe, 0x71, + 0x38, 0x43, 0x0e, 0xec, 0x4a, 0x14, 0x53, 0x14, 0x1d, 0x89, 0x4a, 0x05, 0xcc, 0x97, 0xf9, 0xc2, + 0x89, 0x04, 0x57, 0x9c, 0xac, 0x79, 0x61, 0x2c, 0x15, 0x8a, 0xc6, 0xb6, 0xcf, 0x7d, 0x6e, 0xb0, + 0x8e, 0x5e, 0x25, 0x74, 0xe3, 0x96, 0xcf, 0xb9, 0x1f, 0x62, 0x87, 0x46, 0x41, 0x87, 0x32, 0xc6, + 0x15, 0x55, 0x01, 0x67, 0xa9, 0x72, 0xe3, 0xc0, 0x0f, 0xd4, 0x38, 0x3e, 0x76, 0x3c, 0x3e, 0xe9, + 0x50, 0x61, 0xd4, 0xbf, 0x31, 0x8b, 0x0f, 0xbd, 0x51, 0x67, 0xda, 0xed, 0x44, 0x27, 0xbe, 0xd6, + 0x94, 0x1d, 0x1a, 0x45, 0x61, 0xe0, 0x19, 0xdd, 0xce, 0x74, 0x9f, 0x86, 0xd1, 0x98, 0xee, 0x77, + 0x7c, 0x64, 0x28, 0xa8, 0xc2, 0x51, 0x6a, 0xed, 0xf3, 0x7f, 0xb0, 0x56, 0x3e, 0x09, 0x0f, 0x46, + 0x5e, 0xc7, 0x0b, 0x69, 0x30, 0x49, 0xe3, 0x69, 0xd5, 0x61, 0xe3, 0x45, 0xca, 0x7e, 0x19, 0xa3, + 0x98, 0xb5, 0x7e, 0xb8, 0x02, 0xd5, 0x0c, 0x21, 0x37, 0xa1, 0x12, 0x8b, 0xd0, 0xb6, 0x9a, 0x56, + 0xbb, 0xd6, 0x5b, 0x9b, 0x9f, 0xee, 0x55, 0x8e, 0xdc, 0x03, 0x57, 0x63, 0xe4, 0x0e, 0xd4, 0x46, + 0xf8, 0xa6, 0xcf, 0xd9, 0xd7, 0x81, 0x6f, 0x5f, 0x6a, 0x5a, 0xed, 0xf5, 0x2e, 0x71, 0xd2, 0xcc, + 0x38, 0x83, 0x8c, 0x71, 0xcf, 0x84, 0x48, 0x1f, 0x40, 0xfb, 0x4f, 0x55, 0x2a, 0x46, 0xe5, 0x5a, + 0xae, 0xf2, 0x7c, 0x38, 0xe8, 0x27, 0x54, 0xef, 0xea, 0xfc, 0x74, 0x0f, 0xce, 0xf6, 0x6e, 0x41, + 0x8d, 0x34, 0x61, 0x9d, 0x46, 0xd1, 0x01, 0x3d, 0xc6, 0xf0, 0x09, 0xce, 0xec, 0x15, 0x1d, 0x99, + 0x5b, 0x84, 0xc8, 0x2b, 0xd8, 0x12, 0x28, 0x79, 0x2c, 0x3c, 0x7c, 0x3e, 0x45, 0x21, 0x82, 0x11, + 0x4a, 0xfb, 0x72, 0xb3, 0xd2, 0x5e, 0xef, 0xb6, 0x73, 0x6f, 0xd9, 0x09, 0x1d, 0xb7, 0x2c, 0xfa, + 0x90, 0x29, 0x31, 0x73, 0x17, 0x4d, 0x10, 0x07, 0x88, 0x54, 0x54, 0xc5, 0xb2, 0x47, 0x47, 0x3e, + 0x3e, 0x64, 0xf4, 0x38, 0xc4, 0x91, 0xbd, 0xda, 0xb4, 0xda, 0x55, 0x77, 0x09, 0x43, 0x1e, 0x43, + 0x3d, 0xa9, 0x84, 0x07, 0x8c, 0x86, 0x33, 0x15, 0x78, 0xd2, 0x5e, 0x33, 0x67, 0xde, 0xcd, 0xa3, + 0x78, 0x74, 0x9e, 0x4f, 0x8f, 0x5b, 0x56, 0x23, 0x6f, 0x61, 0xf3, 0x24, 0x96, 0x8a, 0x4f, 0x82, + 0xb7, 0xf8, 0x3c, 0x32, 0xd5, 0x64, 0x57, 0x8d, 0xa9, 0x67, 0xce, 0x59, 0x01, 0x38, 0x59, 0x01, + 0x98, 0xc5, 0x6b, 0x6f, 0xe4, 0x4c, 0xbb, 0x4e, 0x74, 0xe2, 0x3b, 0xba, 0x9c, 0x9c, 0x42, 0x39, + 0x39, 0x59, 0x39, 0x39, 0x4f, 0x4a, 0x56, 0xdd, 0x05, 0x3f, 0xe4, 0xbf, 0xb0, 0x32, 0xc6, 0x30, + 0xb2, 0x6b, 0xc6, 0xdf, 0x46, 0x1e, 0xfa, 0x63, 0x0c, 0x23, 0xd7, 0x50, 0xe4, 0x7f, 0xb0, 0x16, + 0x85, 0xb1, 0x1f, 0x30, 0x69, 0x83, 0x49, 0x73, 0x3d, 0x97, 0x3a, 0x34, 0xb8, 0x9b, 0xf1, 0x3a, + 0x87, 0xb1, 0x44, 0x71, 0xc0, 0xf5, 0x6e, 0x10, 0xc8, 0x24, 0x87, 0xeb, 0x49, 0x0e, 0x17, 0x19, + 0xf2, 0xbd, 0x05, 0x37, 0x3c, 0x93, 0x95, 0xa7, 0x94, 0x51, 0x1f, 0x27, 0xc8, 0xd4, 0x61, 0xea, + 0xeb, 0x8a, 0xf1, 0xf5, 0xf2, 0xfd, 0x32, 0xd0, 0x5f, 0x6a, 0xdc, 0xbd, 0xc8, 0x29, 0xf9, 0x00, + 0xb6, 0xf2, 0x14, 0xbd, 0x42, 0x21, 0xcd, 0x5d, 0x6c, 0x34, 0x2b, 0xed, 0x9a, 0xbb, 0x48, 0x90, + 0x06, 0x54, 0xe3, 0xa0, 0x2f, 0xe5, 0x91, 0x7b, 0x60, 0x5f, 0x35, 0x95, 0x9a, 0xef, 0x49, 0x1b, + 0xea, 0x71, 0xd0, 0xa3, 0x8c, 0xa1, 0xe8, 0x73, 0xa6, 0x90, 0x29, 0xbb, 0x6e, 0x44, 0xca, 0xb0, + 0x2e, 0xf9, 0x0c, 0xd2, 0x86, 0x36, 0x93, 0x92, 0x2f, 0x40, 0xda, 0x56, 0x44, 0xa5, 0xfc, 0x96, + 0x8b, 0xd1, 0x21, 0x55, 0x0a, 0x05, 0xb3, 0xb7, 0x12, 0x5b, 0x25, 0x98, 0xdc, 0x86, 0xab, 0x4a, + 0x50, 0xef, 0x24, 0x60, 0xfe, 0x53, 0x54, 0x63, 0x3e, 0xb2, 0x89, 0x11, 0x2c, 0xa1, 0xfa, 0x9c, + 0x99, 0x83, 0x43, 0x14, 0x13, 0xca, 0x74, 0x7c, 0xd7, 0xcc, 0x3d, 0x2d, 0x12, 0xe4, 0xff, 0xb0, + 0x99, 0x83, 0x5c, 0x06, 0x3a, 0xc5, 0xf6, 0xb6, 0xb1, 0xbb, 0x80, 0x97, 0xda, 0xc8, 0xe5, 0x5c, + 0x1d, 0x89, 0xd0, 0xbe, 0x6e, 0xa4, 0x97, 0x30, 0xfa, 0xf4, 0xf8, 0x06, 0xbd, 0xac, 0xdf, 0x76, + 0x4c, 0x0c, 0x45, 0x88, 0xdc, 0x81, 0x6b, 0x1e, 0x67, 0x4a, 0xf0, 0x30, 0x44, 0xf1, 0x8c, 0x4e, + 0x50, 0x46, 0xd4, 0x43, 0xfb, 0x86, 0x31, 0xb9, 0x8c, 0x22, 0x9f, 0xc2, 0x4d, 0x1a, 0x45, 0x72, + 0xc8, 0x1e, 0xb0, 0x59, 0x8e, 0x66, 0x1e, 0x6c, 0xe3, 0xe1, 0x62, 0x01, 0xd2, 0x85, 0xed, 0x60, + 0x12, 0xa1, 0x90, 0x9c, 0x99, 0x6a, 0xca, 0x14, 0x6f, 0x1a, 0xc5, 0xa5, 0x9c, 0xce, 0x7b, 0xc0, + 0xa4, 0xa2, 0x61, 0x68, 0xe0, 0xe1, 0xc0, 0x6e, 0x24, 0x79, 0x3f, 0x8f, 0x36, 0x7e, 0xb2, 0x60, + 0x67, 0xf9, 0x93, 0x44, 0x36, 0xa1, 0x72, 0x82, 0xb3, 0xe4, 0x2d, 0x76, 0xf5, 0x92, 0x8c, 0xe0, + 0xf2, 0x94, 0x86, 0x31, 0xa6, 0xcf, 0xef, 0x7b, 0x3e, 0x06, 0x65, 0xb7, 0x6e, 0x62, 0xfc, 0xde, + 0xa5, 0x4f, 0xac, 0xd6, 0x6b, 0xb8, 0xbe, 0xf4, 0xad, 0x22, 0xbb, 0x00, 0x59, 0xe5, 0x0c, 0x07, + 0x69, 0x6c, 0x05, 0x44, 0x9f, 0x9b, 0x32, 0xce, 0x66, 0xba, 0x2d, 0x8e, 0x24, 0x0a, 0x69, 0x62, + 0xad, 0xba, 0x25, 0xb4, 0x35, 0x80, 0x1b, 0xd9, 0x93, 0x9c, 0xb6, 0x9a, 0x8b, 0x32, 0xe2, 0x4c, + 0x62, 0xf1, 0x79, 0xb1, 0xde, 0xfd, 0xbc, 0xb4, 0x7e, 0xb6, 0x60, 0x45, 0x3f, 0x4c, 0xc4, 0x86, + 0x35, 0x6f, 0x4c, 0x4d, 0x65, 0x25, 0x31, 0x65, 0x5b, 0xdd, 0x92, 0x7a, 0xf9, 0x12, 0xdf, 0x28, + 0x13, 0x4a, 0xcd, 0xcd, 0xf7, 0xe4, 0x3e, 0xc0, 0x71, 0xc0, 0xa8, 0x98, 0x1d, 0x89, 0x50, 0xda, + 0x15, 0xe3, 0xec, 0x3f, 0xe7, 0x5e, 0x3c, 0xa7, 0x97, 0xf3, 0xc9, 0x3f, 0x51, 0x50, 0x68, 0xdc, + 0x87, 0x7a, 0x89, 0x5e, 0x72, 0x67, 0xdb, 0xc5, 0x3b, 0xab, 0x15, 0x73, 0x7c, 0x0b, 0x56, 0x93, + 0xf3, 0x10, 0x02, 0x2b, 0x8c, 0x4e, 0x30, 0x55, 0x33, 0xeb, 0xd6, 0x67, 0x50, 0xcb, 0x3f, 0x55, + 0xd2, 0x05, 0xf0, 0x38, 0x63, 0xe8, 0x29, 0x2e, 0xb2, 0xac, 0x9c, 0x7d, 0xbe, 0xfd, 0x8c, 0x72, + 0x0b, 0x52, 0xad, 0xbb, 0x50, 0xcb, 0x89, 0x65, 0x1e, 0x34, 0xa6, 0x66, 0x51, 0x16, 0x98, 0x59, + 0xb7, 0x7e, 0xa9, 0x40, 0xe1, 0x23, 0x5e, 0xaa, 0xb6, 0x03, 0xab, 0x81, 0x94, 0x31, 0x8a, 0x54, + 0x31, 0xdd, 0x91, 0x36, 0x54, 0xbd, 0x30, 0x40, 0xa6, 0x86, 0x03, 0xf3, 0xd7, 0xd7, 0x7a, 0x57, + 0xe6, 0xa7, 0x7b, 0xd5, 0x7e, 0x8a, 0xb9, 0x39, 0x4b, 0xf6, 0x61, 0xdd, 0x0b, 0x83, 0x8c, 0x48, + 0xbe, 0xf4, 0x5e, 0x7d, 0x7e, 0xba, 0xb7, 0xde, 0x3f, 0x18, 0xe6, 0xf2, 0x45, 0x19, 0xed, 0x54, + 0x7a, 0x3c, 0x4a, 0x3f, 0xf6, 0x9a, 0x9b, 0xee, 0xc8, 0x6b, 0xd8, 0x08, 0x46, 0x2f, 0xf9, 0x09, + 0xb2, 0xbe, 0x19, 0x72, 0xec, 0x55, 0x93, 0x9b, 0xdb, 0x4b, 0xa6, 0x0c, 0x67, 0x58, 0x14, 0x34, + 0xd7, 0xd5, 0xdb, 0x9a, 0x9f, 0xee, 0x6d, 0x0c, 0x07, 0x05, 0xdc, 0x3d, 0x6f, 0x8f, 0xdc, 0x03, + 0x1b, 0x4d, 0x4b, 0x1f, 0x3e, 0xe9, 0x3f, 0x7c, 0x10, 0xab, 0x31, 0x32, 0x95, 0x76, 0x92, 0xf9, + 0xdd, 0xab, 0xee, 0x85, 0x7c, 0x63, 0x06, 0x64, 0xd1, 0xe7, 0x92, 0x12, 0x79, 0x7a, 0xbe, 0xad, + 0x3f, 0x7e, 0x67, 0x5b, 0x27, 0x13, 0x9e, 0x93, 0x8f, 0xa8, 0x7a, 0x54, 0x72, 0x8c, 0xfd, 0x42, + 0x6d, 0x75, 0x7f, 0xb5, 0xa0, 0x9e, 0xf5, 0xd7, 0x0b, 0x14, 0xd3, 0xc0, 0x43, 0xf2, 0x05, 0x54, + 0x1e, 0xa1, 0x22, 0x3b, 0x0b, 0x33, 0x91, 0x99, 0x03, 0x1b, 0x5b, 0x0b, 0x78, 0xcb, 0xfe, 0xee, + 0x8f, 0xbf, 0x7e, 0xbc, 0x44, 0xc8, 0xa6, 0x99, 0x6d, 0xa7, 0xfb, 0xf9, 0x5c, 0x49, 0xc6, 0x00, + 0x8f, 0x30, 0xff, 0x24, 0x2f, 0x32, 0xd9, 0x5c, 0xc0, 0x4b, 0xbd, 0xde, 0x6a, 0x1a, 0x0f, 0x0d, + 0x62, 0x97, 0x3d, 0x74, 0xd2, 0x16, 0xef, 0xf5, 0x7f, 0x9b, 0xef, 0x5a, 0xbf, 0xcf, 0x77, 0xad, + 0x3f, 0xe7, 0xbb, 0xd6, 0x57, 0x1f, 0xfd, 0xbb, 0x69, 0x3a, 0x29, 0xb5, 0xdc, 0xd8, 0xf1, 0xaa, + 0x99, 0x7d, 0xef, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x99, 0x28, 0x60, 0x2e, 0xea, 0x0b, 0x00, + 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -990,6 +1009,27 @@ func (m *Settings) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.InstallationID) > 0 { + i -= len(m.InstallationID) + copy(dAtA[i:], m.InstallationID) + i = encodeVarintSettings(dAtA, i, uint64(len(m.InstallationID))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xd2 + } + if m.ImpersonationEnabled { + i-- + if m.ImpersonationEnabled { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xc8 + } if m.AppsInAnyNamespaceEnabled { i-- if m.AppsInAnyNamespaceEnabled { @@ -1750,6 +1790,13 @@ func (m *Settings) Size() (n int) { if m.AppsInAnyNamespaceEnabled { n += 3 } + if m.ImpersonationEnabled { + n += 3 + } + l = len(m.InstallationID) + if l > 0 { + n += 2 + l + sovSettings(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2840,6 +2887,58 @@ func (m *Settings) Unmarshal(dAtA []byte) error { } } m.AppsInAnyNamespaceEnabled = bool(v != 0) + case 25: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ImpersonationEnabled", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowSettings + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.ImpersonationEnabled = bool(v != 0) + case 26: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field InstallationID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowSettings + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthSettings + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthSettings + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.InstallationID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipSettings(dAtA[iNdEx:]) diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index 8a8abc930978f..e69de29bb2d1d 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -1,137 +0,0 @@ -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,ClusterResourceBlacklist -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,ClusterResourceWhitelist -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,Destinations -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,NamespaceResourceBlacklist -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,NamespaceResourceWhitelist -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,Roles -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,SignatureKeys -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,SourceNamespaces -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,AppProjectSpec,SourceRepos -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationMatchExpression,Values -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationPreservedFields,Annotations -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationPreservedFields,Labels -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetApplicationStatus,TargetRevisions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetResourceIgnoreDifferences,JQPathExpressions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetResourceIgnoreDifferences,JSONPointers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStep,MatchExpressions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStrategy,Steps -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,Generators -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,GoTemplateOptions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,ApplicationStatus -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Conditions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Resources -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTemplateMeta,Finalizers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTree,Nodes -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,FileParameters -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,Parameters -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,ValueFiles -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceJsonnet,ExtVars -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceJsonnet,Libs -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceJsonnet,TLAs -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceKustomize,Components -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSpec,Info -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationStatus,Conditions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationStatus,Resources -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationStatus,SourceTypes -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSummary,ExternalURLs -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSummary,Images -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationTree,Hosts -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationTree,Nodes -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationTree,OrphanedNodes -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ChartDetails,Maintainers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,Cluster,Namespaces -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ClusterInfo,APIVersions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,Command,Args -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,Command,Command -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ExecProviderConfig,Args -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,GitGenerator,Directories -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,GitGenerator,Files -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,HelmOptions,ValuesFileSchemes -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,HostInfo,ResourcesInfo -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,JWTTokens,Items -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ListGenerator,Elements -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,MatrixGenerator,Generators -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,MergeGenerator,Generators -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,MergeGenerator,MergeKeys -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,NestedMergeGenerator,MergeKeys -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,Operation,Info -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,OptionalArray,Array -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,OrphanedResourcesMonitorSettings,Ignore -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,OverrideIgnoreDiff,JQPathExpressions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,OverrideIgnoreDiff,JSONPointers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,OverrideIgnoreDiff,ManagedFieldsManagers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ProjectRole,Groups -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ProjectRole,JWTTokens -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ProjectRole,Policies -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGenerator,Filters -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGeneratorAzureDevOps,Labels -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGeneratorGitLab,Labels -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGeneratorGithub,Labels -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RepositoryCertificate,CertData -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceAction,Params -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceActions,Definitions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceIgnoreDifferences,JQPathExpressions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceIgnoreDifferences,JSONPointers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceIgnoreDifferences,ManagedFieldsManagers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceNetworkingInfo,ExternalURLs -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceNetworkingInfo,Ingress -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceNetworkingInfo,TargetRefs -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceNode,Images -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceNode,Info -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceNode,ParentRefs -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,KnownTypeFields -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RevisionHistory,Revisions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RevisionMetadata,Tags -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGenerator,Filters -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorAWSCodeCommit,TagFilters -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorFilter,PathsDoNotExist -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SCMProviderGeneratorFilter,PathsExist -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncOperation,ChangeRevisions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncOperation,Manifests -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncOperation,Resources -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncOperation,Revisions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncOperationResult,Revisions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncStatus,Revisions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncWindow,Applications -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncWindow,Clusters -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,SyncWindow,Namespaces -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,TLSClientConfig,CAData -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,TLSClientConfig,CertData -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,TLSClientConfig,KeyData -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,rawResourceOverride,KnownTypeFields -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceJsonnet,TLAs -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourcePluginParameter,String_ -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ClusterCacheInfo,APIsCount -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ConnectionState,ModifiedAt -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ErrApplicationNotAllowedToUseProject,application -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ErrApplicationNotAllowedToUseProject,namespace -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ErrApplicationNotAllowedToUseProject,project -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,HelmOptions,ValuesFileSchemes -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,JWTToken,ExpiresAt -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,JWTToken,IssuedAt -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,KustomizeOptions,BinaryPath -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,KustomizeOptions,BuildOptions -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,KustomizeOptions,SetNamespace -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGenerator,AzureDevOps -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,PullRequestGenerator,GitLab -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RefTarget,Chart -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RefTarget,Repo -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RefTarget,TargetRevision -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RepoCreds,GitHubAppEnterpriseBaseURL -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RepoCreds,GithubAppId -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,RepoCreds,GithubAppInstallationId -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,Repository,EnableLFS -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,Repository,GitHubAppEnterpriseBaseURL -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,Repository,GithubAppId -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,Repository,GithubAppInstallationId -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceActionDefinition,ActionLua -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceActions,ActionDiscoveryLua -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,Actions -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,HealthLua -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,IgnoreDifferences -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,IgnoreResourceUpdates -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,KnownTypeFields -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ResourceOverride,UseOpenLibs -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,objectMeta,Name -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,rawResourceOverride,HealthLua -API rule violation: names_match,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,rawResourceOverride,UseOpenLibs diff --git a/pkg/apis/application/v1alpha1/app_project_types.go b/pkg/apis/application/v1alpha1/app_project_types.go index 5baa9ce165224..903d8aab29ddf 100644 --- a/pkg/apis/application/v1alpha1/app_project_types.go +++ b/pkg/apis/application/v1alpha1/app_project_types.go @@ -6,15 +6,22 @@ import ( "strconv" "strings" - "github.com/argoproj/argo-cd/v2/util/git" - "github.com/argoproj/argo-cd/v2/util/glob" - + globutil "github.com/gobwas/glob" "github.com/google/go-cmp/cmp" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" + + "github.com/argoproj/argo-cd/v2/util/git" + "github.com/argoproj/argo-cd/v2/util/glob" +) + +const ( + // serviceAccountDisallowedCharSet contains the characters that are not allowed to be present + // in a DefaultServiceAccount configured for a DestinationServiceAccount + serviceAccountDisallowedCharSet = "!*[]{}\\/" ) type ErrApplicationNotAllowedToUseProject struct { @@ -265,6 +272,38 @@ func (p *AppProject) ValidateProject() error { } } + destServiceAccts := make(map[string]bool) + for _, destServiceAcct := range p.Spec.DestinationServiceAccounts { + if strings.Contains(destServiceAcct.Server, "!") { + return status.Errorf(codes.InvalidArgument, "server has an invalid format, '%s'", destServiceAcct.Server) + } + + if strings.Contains(destServiceAcct.Namespace, "!") { + return status.Errorf(codes.InvalidArgument, "namespace has an invalid format, '%s'", destServiceAcct.Namespace) + } + + if strings.Trim(destServiceAcct.DefaultServiceAccount, " ") == "" || + strings.ContainsAny(destServiceAcct.DefaultServiceAccount, serviceAccountDisallowedCharSet) { + return status.Errorf(codes.InvalidArgument, "defaultServiceAccount has an invalid format, '%s'", destServiceAcct.DefaultServiceAccount) + } + + _, err := globutil.Compile(destServiceAcct.Server) + if err != nil { + return status.Errorf(codes.InvalidArgument, "server has an invalid format, '%s'", destServiceAcct.Server) + } + + _, err = globutil.Compile(destServiceAcct.Namespace) + if err != nil { + return status.Errorf(codes.InvalidArgument, "namespace has an invalid format, '%s'", destServiceAcct.Namespace) + } + + key := fmt.Sprintf("%s/%s", destServiceAcct.Server, destServiceAcct.Namespace) + if _, ok := destServiceAccts[key]; ok { + return status.Errorf(codes.InvalidArgument, "destinationServiceAccount '%s' already added", key) + } + destServiceAccts[key] = true + } + return nil } diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 6c2b629dfdaa9..d4446130c7026 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -35,6 +35,12 @@ type SecretRef struct { Key string `json:"key" protobuf:"bytes,2,opt,name=key"` } +// Utility struct for a reference to a configmap key. +type ConfigMapKeyRef struct { + ConfigMapName string `json:"configMapName" protobuf:"bytes,1,opt,name=configMapName"` + Key string `json:"key" protobuf:"bytes,2,opt,name=key"` +} + // ApplicationSet is a set of Application resources // +genclient // +genclient:noStatus @@ -498,6 +504,8 @@ type SCMProviderGeneratorGitlab struct { IncludeSharedProjects *bool `json:"includeSharedProjects,omitempty" protobuf:"varint,7,opt,name=includeSharedProjects"` // Filter repos list based on Gitlab Topic. Topic string `json:"topic,omitempty" protobuf:"bytes,8,opt,name=topic"` + // ConfigMap key holding the trusted certificates + CARef *ConfigMapKeyRef `json:"caRef,omitempty" protobuf:"bytes,9,opt,name=caRef"` } func (s *SCMProviderGeneratorGitlab) WillIncludeSharedProjects() bool { @@ -526,6 +534,12 @@ type SCMProviderGeneratorBitbucketServer struct { BasicAuth *BasicAuthBitbucketServer `json:"basicAuth,omitempty" protobuf:"bytes,3,opt,name=basicAuth"` // Scan all branches instead of just the default branch. AllBranches bool `json:"allBranches,omitempty" protobuf:"varint,4,opt,name=allBranches"` + // Credentials for AccessToken (Bearer auth) + BearerToken *BearerTokenBitbucket `json:"bearerToken,omitempty" protobuf:"bytes,5,opt,name=bearerToken"` + // Allow self-signed TLS / Certificates; default: false + Insecure bool `json:"insecure,omitempty" protobuf:"varint,6,opt,name=insecure"` + // ConfigMap key holding the trusted certificates + CARef *ConfigMapKeyRef `json:"caRef,omitempty" protobuf:"bytes,7,opt,name=caRef"` } // SCMProviderGeneratorAzureDevOps defines connection info specific to Azure DevOps. @@ -677,6 +691,8 @@ type PullRequestGeneratorGitLab struct { PullRequestState string `json:"pullRequestState,omitempty" protobuf:"bytes,5,rep,name=pullRequestState"` // Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false Insecure bool `json:"insecure,omitempty" protobuf:"varint,6,opt,name=insecure"` + // ConfigMap key holding the trusted certificates + CARef *ConfigMapKeyRef `json:"caRef,omitempty" protobuf:"bytes,7,opt,name=caRef"` } // PullRequestGeneratorBitbucketServer defines connection info specific to BitbucketServer. @@ -689,6 +705,12 @@ type PullRequestGeneratorBitbucketServer struct { API string `json:"api" protobuf:"bytes,3,opt,name=api"` // Credentials for Basic auth BasicAuth *BasicAuthBitbucketServer `json:"basicAuth,omitempty" protobuf:"bytes,4,opt,name=basicAuth"` + // Credentials for AccessToken (Bearer auth) + BearerToken *BearerTokenBitbucket `json:"bearerToken,omitempty" protobuf:"bytes,5,opt,name=bearerToken"` + // Allow self-signed TLS / Certificates; default: false + Insecure bool `json:"insecure,omitempty" protobuf:"varint,6,opt,name=insecure"` + // ConfigMap key holding the trusted certificates + CARef *ConfigMapKeyRef `json:"caRef,omitempty" protobuf:"bytes,7,opt,name=caRef"` } // PullRequestGeneratorBitbucket defines connection info specific to Bitbucket. @@ -705,6 +727,12 @@ type PullRequestGeneratorBitbucket struct { BearerToken *BearerTokenBitbucketCloud `json:"bearerToken,omitempty" protobuf:"bytes,5,opt,name=bearerToken"` } +// BearerTokenBitbucket defines the Bearer token for BitBucket AppToken auth. +type BearerTokenBitbucket struct { + // Password (or personal access token) reference. + TokenRef *SecretRef `json:"tokenRef" protobuf:"bytes,1,opt,name=tokenRef"` +} + // BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth. type BearerTokenBitbucketCloud struct { // Password (or personal access token) reference. diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 9f06cf8efca10..b284408ae022b 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -263,10 +263,38 @@ func (m *ApplicationDestination) XXX_DiscardUnknown() { var xxx_messageInfo_ApplicationDestination proto.InternalMessageInfo +func (m *ApplicationDestinationServiceAccount) Reset() { *m = ApplicationDestinationServiceAccount{} } +func (*ApplicationDestinationServiceAccount) ProtoMessage() {} +func (*ApplicationDestinationServiceAccount) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{8} +} +func (m *ApplicationDestinationServiceAccount) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ApplicationDestinationServiceAccount) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ApplicationDestinationServiceAccount) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApplicationDestinationServiceAccount.Merge(m, src) +} +func (m *ApplicationDestinationServiceAccount) XXX_Size() int { + return m.Size() +} +func (m *ApplicationDestinationServiceAccount) XXX_DiscardUnknown() { + xxx_messageInfo_ApplicationDestinationServiceAccount.DiscardUnknown(m) +} + +var xxx_messageInfo_ApplicationDestinationServiceAccount proto.InternalMessageInfo + func (m *ApplicationList) Reset() { *m = ApplicationList{} } func (*ApplicationList) ProtoMessage() {} func (*ApplicationList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{8} + return fileDescriptor_030104ce3b95bcac, []int{9} } func (m *ApplicationList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -294,7 +322,7 @@ var xxx_messageInfo_ApplicationList proto.InternalMessageInfo func (m *ApplicationMatchExpression) Reset() { *m = ApplicationMatchExpression{} } func (*ApplicationMatchExpression) ProtoMessage() {} func (*ApplicationMatchExpression) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{9} + return fileDescriptor_030104ce3b95bcac, []int{10} } func (m *ApplicationMatchExpression) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -322,7 +350,7 @@ var xxx_messageInfo_ApplicationMatchExpression proto.InternalMessageInfo func (m *ApplicationPreservedFields) Reset() { *m = ApplicationPreservedFields{} } func (*ApplicationPreservedFields) ProtoMessage() {} func (*ApplicationPreservedFields) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{10} + return fileDescriptor_030104ce3b95bcac, []int{11} } func (m *ApplicationPreservedFields) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -350,7 +378,7 @@ var xxx_messageInfo_ApplicationPreservedFields proto.InternalMessageInfo func (m *ApplicationSet) Reset() { *m = ApplicationSet{} } func (*ApplicationSet) ProtoMessage() {} func (*ApplicationSet) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{11} + return fileDescriptor_030104ce3b95bcac, []int{12} } func (m *ApplicationSet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -378,7 +406,7 @@ var xxx_messageInfo_ApplicationSet proto.InternalMessageInfo func (m *ApplicationSetApplicationStatus) Reset() { *m = ApplicationSetApplicationStatus{} } func (*ApplicationSetApplicationStatus) ProtoMessage() {} func (*ApplicationSetApplicationStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{12} + return fileDescriptor_030104ce3b95bcac, []int{13} } func (m *ApplicationSetApplicationStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -406,7 +434,7 @@ var xxx_messageInfo_ApplicationSetApplicationStatus proto.InternalMessageInfo func (m *ApplicationSetCondition) Reset() { *m = ApplicationSetCondition{} } func (*ApplicationSetCondition) ProtoMessage() {} func (*ApplicationSetCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{13} + return fileDescriptor_030104ce3b95bcac, []int{14} } func (m *ApplicationSetCondition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -434,7 +462,7 @@ var xxx_messageInfo_ApplicationSetCondition proto.InternalMessageInfo func (m *ApplicationSetGenerator) Reset() { *m = ApplicationSetGenerator{} } func (*ApplicationSetGenerator) ProtoMessage() {} func (*ApplicationSetGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{14} + return fileDescriptor_030104ce3b95bcac, []int{15} } func (m *ApplicationSetGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -462,7 +490,7 @@ var xxx_messageInfo_ApplicationSetGenerator proto.InternalMessageInfo func (m *ApplicationSetList) Reset() { *m = ApplicationSetList{} } func (*ApplicationSetList) ProtoMessage() {} func (*ApplicationSetList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{15} + return fileDescriptor_030104ce3b95bcac, []int{16} } func (m *ApplicationSetList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -490,7 +518,7 @@ var xxx_messageInfo_ApplicationSetList proto.InternalMessageInfo func (m *ApplicationSetNestedGenerator) Reset() { *m = ApplicationSetNestedGenerator{} } func (*ApplicationSetNestedGenerator) ProtoMessage() {} func (*ApplicationSetNestedGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{16} + return fileDescriptor_030104ce3b95bcac, []int{17} } func (m *ApplicationSetNestedGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -520,7 +548,7 @@ func (m *ApplicationSetResourceIgnoreDifferences) Reset() { } func (*ApplicationSetResourceIgnoreDifferences) ProtoMessage() {} func (*ApplicationSetResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{17} + return fileDescriptor_030104ce3b95bcac, []int{18} } func (m *ApplicationSetResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -548,7 +576,7 @@ var xxx_messageInfo_ApplicationSetResourceIgnoreDifferences proto.InternalMessag func (m *ApplicationSetRolloutStep) Reset() { *m = ApplicationSetRolloutStep{} } func (*ApplicationSetRolloutStep) ProtoMessage() {} func (*ApplicationSetRolloutStep) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{18} + return fileDescriptor_030104ce3b95bcac, []int{19} } func (m *ApplicationSetRolloutStep) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -576,7 +604,7 @@ var xxx_messageInfo_ApplicationSetRolloutStep proto.InternalMessageInfo func (m *ApplicationSetRolloutStrategy) Reset() { *m = ApplicationSetRolloutStrategy{} } func (*ApplicationSetRolloutStrategy) ProtoMessage() {} func (*ApplicationSetRolloutStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{19} + return fileDescriptor_030104ce3b95bcac, []int{20} } func (m *ApplicationSetRolloutStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -604,7 +632,7 @@ var xxx_messageInfo_ApplicationSetRolloutStrategy proto.InternalMessageInfo func (m *ApplicationSetSpec) Reset() { *m = ApplicationSetSpec{} } func (*ApplicationSetSpec) ProtoMessage() {} func (*ApplicationSetSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{20} + return fileDescriptor_030104ce3b95bcac, []int{21} } func (m *ApplicationSetSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -632,7 +660,7 @@ var xxx_messageInfo_ApplicationSetSpec proto.InternalMessageInfo func (m *ApplicationSetStatus) Reset() { *m = ApplicationSetStatus{} } func (*ApplicationSetStatus) ProtoMessage() {} func (*ApplicationSetStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{21} + return fileDescriptor_030104ce3b95bcac, []int{22} } func (m *ApplicationSetStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -660,7 +688,7 @@ var xxx_messageInfo_ApplicationSetStatus proto.InternalMessageInfo func (m *ApplicationSetStrategy) Reset() { *m = ApplicationSetStrategy{} } func (*ApplicationSetStrategy) ProtoMessage() {} func (*ApplicationSetStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{22} + return fileDescriptor_030104ce3b95bcac, []int{23} } func (m *ApplicationSetStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -688,7 +716,7 @@ var xxx_messageInfo_ApplicationSetStrategy proto.InternalMessageInfo func (m *ApplicationSetSyncPolicy) Reset() { *m = ApplicationSetSyncPolicy{} } func (*ApplicationSetSyncPolicy) ProtoMessage() {} func (*ApplicationSetSyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{23} + return fileDescriptor_030104ce3b95bcac, []int{24} } func (m *ApplicationSetSyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -716,7 +744,7 @@ var xxx_messageInfo_ApplicationSetSyncPolicy proto.InternalMessageInfo func (m *ApplicationSetTemplate) Reset() { *m = ApplicationSetTemplate{} } func (*ApplicationSetTemplate) ProtoMessage() {} func (*ApplicationSetTemplate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{24} + return fileDescriptor_030104ce3b95bcac, []int{25} } func (m *ApplicationSetTemplate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -744,7 +772,7 @@ var xxx_messageInfo_ApplicationSetTemplate proto.InternalMessageInfo func (m *ApplicationSetTemplateMeta) Reset() { *m = ApplicationSetTemplateMeta{} } func (*ApplicationSetTemplateMeta) ProtoMessage() {} func (*ApplicationSetTemplateMeta) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{25} + return fileDescriptor_030104ce3b95bcac, []int{26} } func (m *ApplicationSetTemplateMeta) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -772,7 +800,7 @@ var xxx_messageInfo_ApplicationSetTemplateMeta proto.InternalMessageInfo func (m *ApplicationSetTerminalGenerator) Reset() { *m = ApplicationSetTerminalGenerator{} } func (*ApplicationSetTerminalGenerator) ProtoMessage() {} func (*ApplicationSetTerminalGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{26} + return fileDescriptor_030104ce3b95bcac, []int{27} } func (m *ApplicationSetTerminalGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -800,7 +828,7 @@ var xxx_messageInfo_ApplicationSetTerminalGenerator proto.InternalMessageInfo func (m *ApplicationSetTree) Reset() { *m = ApplicationSetTree{} } func (*ApplicationSetTree) ProtoMessage() {} func (*ApplicationSetTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{27} + return fileDescriptor_030104ce3b95bcac, []int{28} } func (m *ApplicationSetTree) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -828,7 +856,7 @@ var xxx_messageInfo_ApplicationSetTree proto.InternalMessageInfo func (m *ApplicationSource) Reset() { *m = ApplicationSource{} } func (*ApplicationSource) ProtoMessage() {} func (*ApplicationSource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{28} + return fileDescriptor_030104ce3b95bcac, []int{29} } func (m *ApplicationSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -856,7 +884,7 @@ var xxx_messageInfo_ApplicationSource proto.InternalMessageInfo func (m *ApplicationSourceDirectory) Reset() { *m = ApplicationSourceDirectory{} } func (*ApplicationSourceDirectory) ProtoMessage() {} func (*ApplicationSourceDirectory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{29} + return fileDescriptor_030104ce3b95bcac, []int{30} } func (m *ApplicationSourceDirectory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -884,7 +912,7 @@ var xxx_messageInfo_ApplicationSourceDirectory proto.InternalMessageInfo func (m *ApplicationSourceHelm) Reset() { *m = ApplicationSourceHelm{} } func (*ApplicationSourceHelm) ProtoMessage() {} func (*ApplicationSourceHelm) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{30} + return fileDescriptor_030104ce3b95bcac, []int{31} } func (m *ApplicationSourceHelm) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -912,7 +940,7 @@ var xxx_messageInfo_ApplicationSourceHelm proto.InternalMessageInfo func (m *ApplicationSourceJsonnet) Reset() { *m = ApplicationSourceJsonnet{} } func (*ApplicationSourceJsonnet) ProtoMessage() {} func (*ApplicationSourceJsonnet) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{31} + return fileDescriptor_030104ce3b95bcac, []int{32} } func (m *ApplicationSourceJsonnet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -940,7 +968,7 @@ var xxx_messageInfo_ApplicationSourceJsonnet proto.InternalMessageInfo func (m *ApplicationSourceKustomize) Reset() { *m = ApplicationSourceKustomize{} } func (*ApplicationSourceKustomize) ProtoMessage() {} func (*ApplicationSourceKustomize) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{32} + return fileDescriptor_030104ce3b95bcac, []int{33} } func (m *ApplicationSourceKustomize) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -968,7 +996,7 @@ var xxx_messageInfo_ApplicationSourceKustomize proto.InternalMessageInfo func (m *ApplicationSourcePlugin) Reset() { *m = ApplicationSourcePlugin{} } func (*ApplicationSourcePlugin) ProtoMessage() {} func (*ApplicationSourcePlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{33} + return fileDescriptor_030104ce3b95bcac, []int{34} } func (m *ApplicationSourcePlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -996,7 +1024,7 @@ var xxx_messageInfo_ApplicationSourcePlugin proto.InternalMessageInfo func (m *ApplicationSourcePluginParameter) Reset() { *m = ApplicationSourcePluginParameter{} } func (*ApplicationSourcePluginParameter) ProtoMessage() {} func (*ApplicationSourcePluginParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{34} + return fileDescriptor_030104ce3b95bcac, []int{35} } func (m *ApplicationSourcePluginParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1024,7 +1052,7 @@ var xxx_messageInfo_ApplicationSourcePluginParameter proto.InternalMessageInfo func (m *ApplicationSpec) Reset() { *m = ApplicationSpec{} } func (*ApplicationSpec) ProtoMessage() {} func (*ApplicationSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{35} + return fileDescriptor_030104ce3b95bcac, []int{36} } func (m *ApplicationSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1052,7 +1080,7 @@ var xxx_messageInfo_ApplicationSpec proto.InternalMessageInfo func (m *ApplicationStatus) Reset() { *m = ApplicationStatus{} } func (*ApplicationStatus) ProtoMessage() {} func (*ApplicationStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{36} + return fileDescriptor_030104ce3b95bcac, []int{37} } func (m *ApplicationStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1080,7 +1108,7 @@ var xxx_messageInfo_ApplicationStatus proto.InternalMessageInfo func (m *ApplicationSummary) Reset() { *m = ApplicationSummary{} } func (*ApplicationSummary) ProtoMessage() {} func (*ApplicationSummary) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{37} + return fileDescriptor_030104ce3b95bcac, []int{38} } func (m *ApplicationSummary) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1108,7 +1136,7 @@ var xxx_messageInfo_ApplicationSummary proto.InternalMessageInfo func (m *ApplicationTree) Reset() { *m = ApplicationTree{} } func (*ApplicationTree) ProtoMessage() {} func (*ApplicationTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{38} + return fileDescriptor_030104ce3b95bcac, []int{39} } func (m *ApplicationTree) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1136,7 +1164,7 @@ var xxx_messageInfo_ApplicationTree proto.InternalMessageInfo func (m *ApplicationWatchEvent) Reset() { *m = ApplicationWatchEvent{} } func (*ApplicationWatchEvent) ProtoMessage() {} func (*ApplicationWatchEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{39} + return fileDescriptor_030104ce3b95bcac, []int{40} } func (m *ApplicationWatchEvent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1164,7 +1192,7 @@ var xxx_messageInfo_ApplicationWatchEvent proto.InternalMessageInfo func (m *Backoff) Reset() { *m = Backoff{} } func (*Backoff) ProtoMessage() {} func (*Backoff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{40} + return fileDescriptor_030104ce3b95bcac, []int{41} } func (m *Backoff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1192,7 +1220,7 @@ var xxx_messageInfo_Backoff proto.InternalMessageInfo func (m *BasicAuthBitbucketServer) Reset() { *m = BasicAuthBitbucketServer{} } func (*BasicAuthBitbucketServer) ProtoMessage() {} func (*BasicAuthBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{41} + return fileDescriptor_030104ce3b95bcac, []int{42} } func (m *BasicAuthBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1217,10 +1245,38 @@ func (m *BasicAuthBitbucketServer) XXX_DiscardUnknown() { var xxx_messageInfo_BasicAuthBitbucketServer proto.InternalMessageInfo +func (m *BearerTokenBitbucket) Reset() { *m = BearerTokenBitbucket{} } +func (*BearerTokenBitbucket) ProtoMessage() {} +func (*BearerTokenBitbucket) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{43} +} +func (m *BearerTokenBitbucket) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *BearerTokenBitbucket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *BearerTokenBitbucket) XXX_Merge(src proto.Message) { + xxx_messageInfo_BearerTokenBitbucket.Merge(m, src) +} +func (m *BearerTokenBitbucket) XXX_Size() int { + return m.Size() +} +func (m *BearerTokenBitbucket) XXX_DiscardUnknown() { + xxx_messageInfo_BearerTokenBitbucket.DiscardUnknown(m) +} + +var xxx_messageInfo_BearerTokenBitbucket proto.InternalMessageInfo + func (m *BearerTokenBitbucketCloud) Reset() { *m = BearerTokenBitbucketCloud{} } func (*BearerTokenBitbucketCloud) ProtoMessage() {} func (*BearerTokenBitbucketCloud) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{42} + return fileDescriptor_030104ce3b95bcac, []int{44} } func (m *BearerTokenBitbucketCloud) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1248,7 +1304,7 @@ var xxx_messageInfo_BearerTokenBitbucketCloud proto.InternalMessageInfo func (m *ChartDetails) Reset() { *m = ChartDetails{} } func (*ChartDetails) ProtoMessage() {} func (*ChartDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{43} + return fileDescriptor_030104ce3b95bcac, []int{45} } func (m *ChartDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1276,7 +1332,7 @@ var xxx_messageInfo_ChartDetails proto.InternalMessageInfo func (m *Cluster) Reset() { *m = Cluster{} } func (*Cluster) ProtoMessage() {} func (*Cluster) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{44} + return fileDescriptor_030104ce3b95bcac, []int{46} } func (m *Cluster) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1304,7 +1360,7 @@ var xxx_messageInfo_Cluster proto.InternalMessageInfo func (m *ClusterCacheInfo) Reset() { *m = ClusterCacheInfo{} } func (*ClusterCacheInfo) ProtoMessage() {} func (*ClusterCacheInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{45} + return fileDescriptor_030104ce3b95bcac, []int{47} } func (m *ClusterCacheInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1332,7 +1388,7 @@ var xxx_messageInfo_ClusterCacheInfo proto.InternalMessageInfo func (m *ClusterConfig) Reset() { *m = ClusterConfig{} } func (*ClusterConfig) ProtoMessage() {} func (*ClusterConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{46} + return fileDescriptor_030104ce3b95bcac, []int{48} } func (m *ClusterConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1360,7 +1416,7 @@ var xxx_messageInfo_ClusterConfig proto.InternalMessageInfo func (m *ClusterGenerator) Reset() { *m = ClusterGenerator{} } func (*ClusterGenerator) ProtoMessage() {} func (*ClusterGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{47} + return fileDescriptor_030104ce3b95bcac, []int{49} } func (m *ClusterGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1388,7 +1444,7 @@ var xxx_messageInfo_ClusterGenerator proto.InternalMessageInfo func (m *ClusterInfo) Reset() { *m = ClusterInfo{} } func (*ClusterInfo) ProtoMessage() {} func (*ClusterInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{48} + return fileDescriptor_030104ce3b95bcac, []int{50} } func (m *ClusterInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1416,7 +1472,7 @@ var xxx_messageInfo_ClusterInfo proto.InternalMessageInfo func (m *ClusterList) Reset() { *m = ClusterList{} } func (*ClusterList) ProtoMessage() {} func (*ClusterList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{49} + return fileDescriptor_030104ce3b95bcac, []int{51} } func (m *ClusterList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1444,7 +1500,7 @@ var xxx_messageInfo_ClusterList proto.InternalMessageInfo func (m *Command) Reset() { *m = Command{} } func (*Command) ProtoMessage() {} func (*Command) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{50} + return fileDescriptor_030104ce3b95bcac, []int{52} } func (m *Command) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1472,7 +1528,7 @@ var xxx_messageInfo_Command proto.InternalMessageInfo func (m *ComparedTo) Reset() { *m = ComparedTo{} } func (*ComparedTo) ProtoMessage() {} func (*ComparedTo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{51} + return fileDescriptor_030104ce3b95bcac, []int{53} } func (m *ComparedTo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1500,7 +1556,7 @@ var xxx_messageInfo_ComparedTo proto.InternalMessageInfo func (m *ComponentParameter) Reset() { *m = ComponentParameter{} } func (*ComponentParameter) ProtoMessage() {} func (*ComponentParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{52} + return fileDescriptor_030104ce3b95bcac, []int{54} } func (m *ComponentParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1528,7 +1584,7 @@ var xxx_messageInfo_ComponentParameter proto.InternalMessageInfo func (m *ConfigManagementPlugin) Reset() { *m = ConfigManagementPlugin{} } func (*ConfigManagementPlugin) ProtoMessage() {} func (*ConfigManagementPlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{53} + return fileDescriptor_030104ce3b95bcac, []int{55} } func (m *ConfigManagementPlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1553,10 +1609,38 @@ func (m *ConfigManagementPlugin) XXX_DiscardUnknown() { var xxx_messageInfo_ConfigManagementPlugin proto.InternalMessageInfo +func (m *ConfigMapKeyRef) Reset() { *m = ConfigMapKeyRef{} } +func (*ConfigMapKeyRef) ProtoMessage() {} +func (*ConfigMapKeyRef) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{56} +} +func (m *ConfigMapKeyRef) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ConfigMapKeyRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ConfigMapKeyRef) XXX_Merge(src proto.Message) { + xxx_messageInfo_ConfigMapKeyRef.Merge(m, src) +} +func (m *ConfigMapKeyRef) XXX_Size() int { + return m.Size() +} +func (m *ConfigMapKeyRef) XXX_DiscardUnknown() { + xxx_messageInfo_ConfigMapKeyRef.DiscardUnknown(m) +} + +var xxx_messageInfo_ConfigMapKeyRef proto.InternalMessageInfo + func (m *ConnectionState) Reset() { *m = ConnectionState{} } func (*ConnectionState) ProtoMessage() {} func (*ConnectionState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{54} + return fileDescriptor_030104ce3b95bcac, []int{57} } func (m *ConnectionState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1584,7 +1668,7 @@ var xxx_messageInfo_ConnectionState proto.InternalMessageInfo func (m *DuckTypeGenerator) Reset() { *m = DuckTypeGenerator{} } func (*DuckTypeGenerator) ProtoMessage() {} func (*DuckTypeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{55} + return fileDescriptor_030104ce3b95bcac, []int{58} } func (m *DuckTypeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1612,7 +1696,7 @@ var xxx_messageInfo_DuckTypeGenerator proto.InternalMessageInfo func (m *EnvEntry) Reset() { *m = EnvEntry{} } func (*EnvEntry) ProtoMessage() {} func (*EnvEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{56} + return fileDescriptor_030104ce3b95bcac, []int{59} } func (m *EnvEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1640,7 +1724,7 @@ var xxx_messageInfo_EnvEntry proto.InternalMessageInfo func (m *ErrApplicationNotAllowedToUseProject) Reset() { *m = ErrApplicationNotAllowedToUseProject{} } func (*ErrApplicationNotAllowedToUseProject) ProtoMessage() {} func (*ErrApplicationNotAllowedToUseProject) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{57} + return fileDescriptor_030104ce3b95bcac, []int{60} } func (m *ErrApplicationNotAllowedToUseProject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1668,7 +1752,7 @@ var xxx_messageInfo_ErrApplicationNotAllowedToUseProject proto.InternalMessageIn func (m *ExecProviderConfig) Reset() { *m = ExecProviderConfig{} } func (*ExecProviderConfig) ProtoMessage() {} func (*ExecProviderConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{58} + return fileDescriptor_030104ce3b95bcac, []int{61} } func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1696,7 +1780,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo func (m *GitDirectoryGeneratorItem) Reset() { *m = GitDirectoryGeneratorItem{} } func (*GitDirectoryGeneratorItem) ProtoMessage() {} func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{59} + return fileDescriptor_030104ce3b95bcac, []int{62} } func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1724,7 +1808,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo func (m *GitFileGeneratorItem) Reset() { *m = GitFileGeneratorItem{} } func (*GitFileGeneratorItem) ProtoMessage() {} func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{60} + return fileDescriptor_030104ce3b95bcac, []int{63} } func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1752,7 +1836,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo func (m *GitGenerator) Reset() { *m = GitGenerator{} } func (*GitGenerator) ProtoMessage() {} func (*GitGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{61} + return fileDescriptor_030104ce3b95bcac, []int{64} } func (m *GitGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1780,7 +1864,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo func (m *GnuPGPublicKey) Reset() { *m = GnuPGPublicKey{} } func (*GnuPGPublicKey) ProtoMessage() {} func (*GnuPGPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{62} + return fileDescriptor_030104ce3b95bcac, []int{65} } func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1808,7 +1892,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo func (m *GnuPGPublicKeyList) Reset() { *m = GnuPGPublicKeyList{} } func (*GnuPGPublicKeyList) ProtoMessage() {} func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{63} + return fileDescriptor_030104ce3b95bcac, []int{66} } func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1836,7 +1920,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo func (m *HealthStatus) Reset() { *m = HealthStatus{} } func (*HealthStatus) ProtoMessage() {} func (*HealthStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{64} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *HealthStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1864,7 +1948,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo func (m *HelmFileParameter) Reset() { *m = HelmFileParameter{} } func (*HelmFileParameter) ProtoMessage() {} func (*HelmFileParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{65} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1892,7 +1976,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo func (m *HelmOptions) Reset() { *m = HelmOptions{} } func (*HelmOptions) ProtoMessage() {} func (*HelmOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *HelmOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1920,7 +2004,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo func (m *HelmParameter) Reset() { *m = HelmParameter{} } func (*HelmParameter) ProtoMessage() {} func (*HelmParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *HelmParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1948,7 +2032,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo func (m *HostInfo) Reset() { *m = HostInfo{} } func (*HostInfo) ProtoMessage() {} func (*HostInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *HostInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1976,7 +2060,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo func (m *HostResourceInfo) Reset() { *m = HostResourceInfo{} } func (*HostResourceInfo) ProtoMessage() {} func (*HostResourceInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2004,7 +2088,7 @@ var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo func (m *Info) Reset() { *m = Info{} } func (*Info) ProtoMessage() {} func (*Info) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *Info) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2032,7 +2116,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo func (m *InfoItem) Reset() { *m = InfoItem{} } func (*InfoItem) ProtoMessage() {} func (*InfoItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{74} } func (m *InfoItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2060,7 +2144,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo func (m *JWTToken) Reset() { *m = JWTToken{} } func (*JWTToken) ProtoMessage() {} func (*JWTToken) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{75} } func (m *JWTToken) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2088,7 +2172,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo func (m *JWTTokens) Reset() { *m = JWTTokens{} } func (*JWTTokens) ProtoMessage() {} func (*JWTTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *JWTTokens) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2116,7 +2200,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo func (m *JsonnetVar) Reset() { *m = JsonnetVar{} } func (*JsonnetVar) ProtoMessage() {} func (*JsonnetVar) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *JsonnetVar) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2144,7 +2228,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo func (m *KnownTypeField) Reset() { *m = KnownTypeField{} } func (*KnownTypeField) ProtoMessage() {} func (*KnownTypeField) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *KnownTypeField) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2172,7 +2256,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo func (m *KustomizeGvk) Reset() { *m = KustomizeGvk{} } func (*KustomizeGvk) ProtoMessage() {} func (*KustomizeGvk) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *KustomizeGvk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2200,7 +2284,7 @@ var xxx_messageInfo_KustomizeGvk proto.InternalMessageInfo func (m *KustomizeOptions) Reset() { *m = KustomizeOptions{} } func (*KustomizeOptions) ProtoMessage() {} func (*KustomizeOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2228,7 +2312,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo func (m *KustomizePatch) Reset() { *m = KustomizePatch{} } func (*KustomizePatch) ProtoMessage() {} func (*KustomizePatch) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *KustomizePatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2256,7 +2340,7 @@ var xxx_messageInfo_KustomizePatch proto.InternalMessageInfo func (m *KustomizeReplica) Reset() { *m = KustomizeReplica{} } func (*KustomizeReplica) ProtoMessage() {} func (*KustomizeReplica) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *KustomizeReplica) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2284,7 +2368,7 @@ var xxx_messageInfo_KustomizeReplica proto.InternalMessageInfo func (m *KustomizeResId) Reset() { *m = KustomizeResId{} } func (*KustomizeResId) ProtoMessage() {} func (*KustomizeResId) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *KustomizeResId) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2312,7 +2396,7 @@ var xxx_messageInfo_KustomizeResId proto.InternalMessageInfo func (m *KustomizeSelector) Reset() { *m = KustomizeSelector{} } func (*KustomizeSelector) ProtoMessage() {} func (*KustomizeSelector) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *KustomizeSelector) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2340,7 +2424,7 @@ var xxx_messageInfo_KustomizeSelector proto.InternalMessageInfo func (m *ListGenerator) Reset() { *m = ListGenerator{} } func (*ListGenerator) ProtoMessage() {} func (*ListGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *ListGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2368,7 +2452,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } func (*ManagedNamespaceMetadata) ProtoMessage() {} func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2396,7 +2480,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2424,7 +2508,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2452,7 +2536,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{89} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2480,7 +2564,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{90} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2508,7 +2592,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2536,7 +2620,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2564,7 +2648,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2592,7 +2676,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OptionalArray) Reset() { *m = OptionalArray{} } func (*OptionalArray) ProtoMessage() {} func (*OptionalArray) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *OptionalArray) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2620,7 +2704,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo func (m *OptionalMap) Reset() { *m = OptionalMap{} } func (*OptionalMap) ProtoMessage() {} func (*OptionalMap) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *OptionalMap) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2648,7 +2732,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2676,7 +2760,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2704,7 +2788,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2732,7 +2816,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo func (m *PluginConfigMapRef) Reset() { *m = PluginConfigMapRef{} } func (*PluginConfigMapRef) ProtoMessage() {} func (*PluginConfigMapRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2760,7 +2844,7 @@ var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo func (m *PluginGenerator) Reset() { *m = PluginGenerator{} } func (*PluginGenerator) ProtoMessage() {} func (*PluginGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *PluginGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2788,7 +2872,7 @@ var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo func (m *PluginInput) Reset() { *m = PluginInput{} } func (*PluginInput) ProtoMessage() {} func (*PluginInput) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *PluginInput) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2816,7 +2900,7 @@ var xxx_messageInfo_PluginInput proto.InternalMessageInfo func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2844,7 +2928,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2872,7 +2956,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorAzureDevOps) Reset() { *m = PullRequestGeneratorAzureDevOps{} } func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {} func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2900,7 +2984,7 @@ var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucket) Reset() { *m = PullRequestGeneratorBitbucket{} } func (*PullRequestGeneratorBitbucket) ProtoMessage() {} func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2928,7 +3012,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2956,7 +3040,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2984,7 +3068,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3012,7 +3096,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3040,7 +3124,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3068,7 +3152,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3096,7 +3180,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3124,7 +3208,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3152,7 +3236,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3180,7 +3264,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3208,7 +3292,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3236,7 +3320,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3264,7 +3348,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3292,7 +3376,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3320,7 +3404,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3348,7 +3432,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3376,7 +3460,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3404,7 +3488,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3432,7 +3516,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3460,7 +3544,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3488,7 +3572,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3516,7 +3600,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3544,7 +3628,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3572,7 +3656,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3600,7 +3684,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3628,7 +3712,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3656,7 +3740,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3684,7 +3768,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3712,7 +3796,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3740,7 +3824,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3768,7 +3852,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3796,7 +3880,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3824,7 +3908,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3852,7 +3936,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{139} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3880,7 +3964,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{140} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3908,7 +3992,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{138} + return fileDescriptor_030104ce3b95bcac, []int{141} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3936,7 +4020,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{139} + return fileDescriptor_030104ce3b95bcac, []int{142} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3964,7 +4048,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{140} + return fileDescriptor_030104ce3b95bcac, []int{143} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3992,7 +4076,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{141} + return fileDescriptor_030104ce3b95bcac, []int{144} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4020,7 +4104,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{142} + return fileDescriptor_030104ce3b95bcac, []int{145} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4048,7 +4132,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{143} + return fileDescriptor_030104ce3b95bcac, []int{146} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4076,7 +4160,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{144} + return fileDescriptor_030104ce3b95bcac, []int{147} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4104,7 +4188,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{145} + return fileDescriptor_030104ce3b95bcac, []int{148} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4132,7 +4216,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{146} + return fileDescriptor_030104ce3b95bcac, []int{149} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4160,7 +4244,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{147} + return fileDescriptor_030104ce3b95bcac, []int{150} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4188,7 +4272,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{148} + return fileDescriptor_030104ce3b95bcac, []int{151} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4216,7 +4300,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{149} + return fileDescriptor_030104ce3b95bcac, []int{152} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4244,7 +4328,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{150} + return fileDescriptor_030104ce3b95bcac, []int{153} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4272,7 +4356,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{151} + return fileDescriptor_030104ce3b95bcac, []int{154} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4300,7 +4384,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo func (m *TagFilter) Reset() { *m = TagFilter{} } func (*TagFilter) ProtoMessage() {} func (*TagFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{152} + return fileDescriptor_030104ce3b95bcac, []int{155} } func (m *TagFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4335,6 +4419,7 @@ func init() { proto.RegisterType((*Application)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Application") proto.RegisterType((*ApplicationCondition)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationCondition") proto.RegisterType((*ApplicationDestination)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationDestination") + proto.RegisterType((*ApplicationDestinationServiceAccount)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationDestinationServiceAccount") proto.RegisterType((*ApplicationList)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationList") proto.RegisterType((*ApplicationMatchExpression)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationMatchExpression") proto.RegisterType((*ApplicationPreservedFields)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationPreservedFields") @@ -4373,6 +4458,7 @@ func init() { proto.RegisterType((*ApplicationWatchEvent)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationWatchEvent") proto.RegisterType((*Backoff)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Backoff") proto.RegisterType((*BasicAuthBitbucketServer)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.BasicAuthBitbucketServer") + proto.RegisterType((*BearerTokenBitbucket)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.BearerTokenBitbucket") proto.RegisterType((*BearerTokenBitbucketCloud)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.BearerTokenBitbucketCloud") proto.RegisterType((*ChartDetails)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ChartDetails") proto.RegisterType((*Cluster)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Cluster") @@ -4388,6 +4474,7 @@ func init() { proto.RegisterType((*ComparedTo)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ComparedTo") proto.RegisterType((*ComponentParameter)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ComponentParameter") proto.RegisterType((*ConfigManagementPlugin)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConfigManagementPlugin") + proto.RegisterType((*ConfigMapKeyRef)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConfigMapKeyRef") proto.RegisterType((*ConnectionState)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConnectionState") proto.RegisterType((*DuckTypeGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.DuckTypeGenerator") proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.DuckTypeGenerator.ValuesEntry") @@ -4508,707 +4595,725 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 11198 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6f, 0x70, 0x24, 0xc7, - 0x75, 0x18, 0xae, 0xd9, 0xc5, 0x02, 0xbb, 0x0f, 0xff, 0xee, 0xfa, 0xee, 0x48, 0xdc, 0x89, 0x24, - 0xce, 0x43, 0x9b, 0xa2, 0x7e, 0x22, 0x01, 0xf3, 0x44, 0xca, 0xfc, 0x89, 0x96, 0x64, 0xfc, 0xb9, - 0xc3, 0xe1, 0x0e, 0x38, 0x80, 0x0d, 0xdc, 0x9d, 0x44, 0x99, 0xa2, 0x06, 0xbb, 0x8d, 0xc5, 0x1c, - 0x66, 0x67, 0x86, 0x33, 0xb3, 0x38, 0x80, 0x96, 0x64, 0xc9, 0x92, 0x6c, 0x25, 0xfa, 0x43, 0x85, - 0x4a, 0xca, 0x74, 0x62, 0x29, 0xb2, 0xe5, 0xa4, 0xe2, 0x4a, 0x54, 0x71, 0x92, 0x0f, 0x71, 0xe4, - 0x54, 0xb9, 0x62, 0xa7, 0x52, 0x4a, 0x1c, 0x97, 0x1d, 0x97, 0xcb, 0x72, 0x12, 0x1b, 0x91, 0x2e, - 0x95, 0x4a, 0x2a, 0x55, 0x71, 0x95, 0x13, 0x7f, 0x48, 0x2e, 0xf9, 0x90, 0xea, 0xff, 0x3d, 0xb3, - 0xb3, 0xc0, 0x02, 0x18, 0xdc, 0x9d, 0x14, 0x7e, 0xdb, 0xed, 0xf7, 0xe6, 0xbd, 0x9e, 0x9e, 0xee, - 0xf7, 0x5e, 0xbf, 0x7e, 0xef, 0x35, 0x2c, 0x34, 0xdd, 0x64, 0xa3, 0xbd, 0x36, 0x51, 0x0f, 0x5a, - 0x93, 0x4e, 0xd4, 0x0c, 0xc2, 0x28, 0xb8, 0xc5, 0x7e, 0x3c, 0x5d, 0x6f, 0x4c, 0x6e, 0x5d, 0x98, - 0x0c, 0x37, 0x9b, 0x93, 0x4e, 0xe8, 0xc6, 0x93, 0x4e, 0x18, 0x7a, 0x6e, 0xdd, 0x49, 0xdc, 0xc0, - 0x9f, 0xdc, 0x7a, 0xc6, 0xf1, 0xc2, 0x0d, 0xe7, 0x99, 0xc9, 0x26, 0xf1, 0x49, 0xe4, 0x24, 0xa4, - 0x31, 0x11, 0x46, 0x41, 0x12, 0xa0, 0x1f, 0xd7, 0xd4, 0x26, 0x24, 0x35, 0xf6, 0xe3, 0x95, 0x7a, - 0x63, 0x62, 0xeb, 0xc2, 0x44, 0xb8, 0xd9, 0x9c, 0xa0, 0xd4, 0x26, 0x0c, 0x6a, 0x13, 0x92, 0xda, - 0xb9, 0xa7, 0x8d, 0xbe, 0x34, 0x83, 0x66, 0x30, 0xc9, 0x88, 0xae, 0xb5, 0xd7, 0xd9, 0x3f, 0xf6, - 0x87, 0xfd, 0xe2, 0xcc, 0xce, 0xd9, 0x9b, 0xcf, 0xc7, 0x13, 0x6e, 0x40, 0xbb, 0x37, 0x59, 0x0f, - 0x22, 0x32, 0xb9, 0xd5, 0xd1, 0xa1, 0x73, 0x97, 0x35, 0x0e, 0xd9, 0x4e, 0x88, 0x1f, 0xbb, 0x81, - 0x1f, 0x3f, 0x4d, 0xbb, 0x40, 0xa2, 0x2d, 0x12, 0x99, 0xaf, 0x67, 0x20, 0xe4, 0x51, 0x7a, 0x56, - 0x53, 0x6a, 0x39, 0xf5, 0x0d, 0xd7, 0x27, 0xd1, 0x8e, 0x7e, 0xbc, 0x45, 0x12, 0x27, 0xef, 0xa9, - 0xc9, 0x6e, 0x4f, 0x45, 0x6d, 0x3f, 0x71, 0x5b, 0xa4, 0xe3, 0x81, 0xf7, 0xec, 0xf7, 0x40, 0x5c, - 0xdf, 0x20, 0x2d, 0xa7, 0xe3, 0xb9, 0x77, 0x77, 0x7b, 0xae, 0x9d, 0xb8, 0xde, 0xa4, 0xeb, 0x27, - 0x71, 0x12, 0x65, 0x1f, 0xb2, 0x7f, 0xd1, 0x82, 0xe1, 0xa9, 0x9b, 0x2b, 0x53, 0xed, 0x64, 0x63, - 0x26, 0xf0, 0xd7, 0xdd, 0x26, 0x7a, 0x0e, 0x06, 0xeb, 0x5e, 0x3b, 0x4e, 0x48, 0x74, 0xcd, 0x69, - 0x91, 0x31, 0xeb, 0xbc, 0xf5, 0x64, 0x6d, 0xfa, 0xd4, 0xb7, 0x77, 0xc7, 0xdf, 0x76, 0x67, 0x77, - 0x7c, 0x70, 0x46, 0x83, 0xb0, 0x89, 0x87, 0xde, 0x09, 0x03, 0x51, 0xe0, 0x91, 0x29, 0x7c, 0x6d, - 0xac, 0xc4, 0x1e, 0x19, 0x15, 0x8f, 0x0c, 0x60, 0xde, 0x8c, 0x25, 0x9c, 0xa2, 0x86, 0x51, 0xb0, - 0xee, 0x7a, 0x64, 0xac, 0x9c, 0x46, 0x5d, 0xe6, 0xcd, 0x58, 0xc2, 0xed, 0x3f, 0x2a, 0x01, 0x4c, - 0x85, 0xe1, 0x72, 0x14, 0xdc, 0x22, 0xf5, 0x04, 0x7d, 0x14, 0xaa, 0x74, 0x98, 0x1b, 0x4e, 0xe2, - 0xb0, 0x8e, 0x0d, 0x5e, 0xf8, 0xd1, 0x09, 0xfe, 0xd6, 0x13, 0xe6, 0x5b, 0xeb, 0x49, 0x46, 0xb1, - 0x27, 0xb6, 0x9e, 0x99, 0x58, 0x5a, 0xa3, 0xcf, 0x2f, 0x92, 0xc4, 0x99, 0x46, 0x82, 0x19, 0xe8, - 0x36, 0xac, 0xa8, 0x22, 0x1f, 0xfa, 0xe2, 0x90, 0xd4, 0xd9, 0x3b, 0x0c, 0x5e, 0x58, 0x98, 0x38, - 0xca, 0x6c, 0x9e, 0xd0, 0x3d, 0x5f, 0x09, 0x49, 0x7d, 0x7a, 0x48, 0x70, 0xee, 0xa3, 0xff, 0x30, - 0xe3, 0x83, 0xb6, 0xa0, 0x3f, 0x4e, 0x9c, 0xa4, 0x1d, 0xb3, 0xa1, 0x18, 0xbc, 0x70, 0xad, 0x30, - 0x8e, 0x8c, 0xea, 0xf4, 0x88, 0xe0, 0xd9, 0xcf, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0x53, 0x0b, 0x46, - 0x34, 0xf2, 0x82, 0x1b, 0x27, 0xe8, 0x27, 0x3b, 0x06, 0x77, 0xa2, 0xb7, 0xc1, 0xa5, 0x4f, 0xb3, - 0xa1, 0x3d, 0x21, 0x98, 0x55, 0x65, 0x8b, 0x31, 0xb0, 0x2d, 0xa8, 0xb8, 0x09, 0x69, 0xc5, 0x63, - 0xa5, 0xf3, 0xe5, 0x27, 0x07, 0x2f, 0x5c, 0x2e, 0xea, 0x3d, 0xa7, 0x87, 0x05, 0xd3, 0xca, 0x3c, - 0x25, 0x8f, 0x39, 0x17, 0xfb, 0x57, 0x87, 0xcc, 0xf7, 0xa3, 0x03, 0x8e, 0x9e, 0x81, 0xc1, 0x38, - 0x68, 0x47, 0x75, 0x82, 0x49, 0x18, 0xc4, 0x63, 0xd6, 0xf9, 0x32, 0x9d, 0x7a, 0x74, 0x52, 0xaf, - 0xe8, 0x66, 0x6c, 0xe2, 0xa0, 0x2f, 0x59, 0x30, 0xd4, 0x20, 0x71, 0xe2, 0xfa, 0x8c, 0xbf, 0xec, - 0xfc, 0xea, 0x91, 0x3b, 0x2f, 0x1b, 0x67, 0x35, 0xf1, 0xe9, 0xd3, 0xe2, 0x45, 0x86, 0x8c, 0xc6, - 0x18, 0xa7, 0xf8, 0xd3, 0xc5, 0xd9, 0x20, 0x71, 0x3d, 0x72, 0x43, 0xfa, 0x5f, 0x2c, 0x1f, 0xb5, - 0x38, 0x67, 0x35, 0x08, 0x9b, 0x78, 0xc8, 0x87, 0x0a, 0x5d, 0x7c, 0xf1, 0x58, 0x1f, 0xeb, 0xff, - 0xfc, 0xd1, 0xfa, 0x2f, 0x06, 0x95, 0xae, 0x6b, 0x3d, 0xfa, 0xf4, 0x5f, 0x8c, 0x39, 0x1b, 0xf4, - 0x45, 0x0b, 0xc6, 0x84, 0x70, 0xc0, 0x84, 0x0f, 0xe8, 0xcd, 0x0d, 0x37, 0x21, 0x9e, 0x1b, 0x27, - 0x63, 0x15, 0xd6, 0x87, 0xc9, 0xde, 0xe6, 0xd6, 0x5c, 0x14, 0xb4, 0xc3, 0xab, 0xae, 0xdf, 0x98, - 0x3e, 0x2f, 0x38, 0x8d, 0xcd, 0x74, 0x21, 0x8c, 0xbb, 0xb2, 0x44, 0x5f, 0xb1, 0xe0, 0x9c, 0xef, - 0xb4, 0x48, 0x1c, 0x3a, 0xf4, 0xd3, 0x72, 0xf0, 0xb4, 0xe7, 0xd4, 0x37, 0x59, 0x8f, 0xfa, 0x0f, - 0xd7, 0x23, 0x5b, 0xf4, 0xe8, 0xdc, 0xb5, 0xae, 0xa4, 0xf1, 0x1e, 0x6c, 0xd1, 0x37, 0x2c, 0x38, - 0x19, 0x44, 0xe1, 0x86, 0xe3, 0x93, 0x86, 0x84, 0xc6, 0x63, 0x03, 0x6c, 0xe9, 0x7d, 0xe4, 0x68, - 0x9f, 0x68, 0x29, 0x4b, 0x76, 0x31, 0xf0, 0xdd, 0x24, 0x88, 0x56, 0x48, 0x92, 0xb8, 0x7e, 0x33, - 0x9e, 0x3e, 0x73, 0x67, 0x77, 0xfc, 0x64, 0x07, 0x16, 0xee, 0xec, 0x0f, 0xfa, 0x29, 0x18, 0x8c, - 0x77, 0xfc, 0xfa, 0x4d, 0xd7, 0x6f, 0x04, 0xb7, 0xe3, 0xb1, 0x6a, 0x11, 0xcb, 0x77, 0x45, 0x11, - 0x14, 0x0b, 0x50, 0x33, 0xc0, 0x26, 0xb7, 0xfc, 0x0f, 0xa7, 0xa7, 0x52, 0xad, 0xe8, 0x0f, 0xa7, - 0x27, 0xd3, 0x1e, 0x6c, 0xd1, 0xcf, 0x59, 0x30, 0x1c, 0xbb, 0x4d, 0xdf, 0x49, 0xda, 0x11, 0xb9, - 0x4a, 0x76, 0xe2, 0x31, 0x60, 0x1d, 0xb9, 0x72, 0xc4, 0x51, 0x31, 0x48, 0x4e, 0x9f, 0x11, 0x7d, - 0x1c, 0x36, 0x5b, 0x63, 0x9c, 0xe6, 0x9b, 0xb7, 0xd0, 0xf4, 0xb4, 0x1e, 0x2c, 0x76, 0xa1, 0xe9, - 0x49, 0xdd, 0x95, 0x25, 0xfa, 0x09, 0x38, 0xc1, 0x9b, 0xd4, 0xc8, 0xc6, 0x63, 0x43, 0x4c, 0xd0, - 0x9e, 0xbe, 0xb3, 0x3b, 0x7e, 0x62, 0x25, 0x03, 0xc3, 0x1d, 0xd8, 0xe8, 0x55, 0x18, 0x0f, 0x49, - 0xd4, 0x72, 0x93, 0x25, 0xdf, 0xdb, 0x91, 0xe2, 0xbb, 0x1e, 0x84, 0xa4, 0x21, 0xba, 0x13, 0x8f, - 0x0d, 0x9f, 0xb7, 0x9e, 0xac, 0x4e, 0xbf, 0x43, 0x74, 0x73, 0x7c, 0x79, 0x6f, 0x74, 0xbc, 0x1f, - 0x3d, 0xfb, 0x5f, 0x96, 0xe0, 0x44, 0x56, 0x71, 0xa2, 0xbf, 0x6d, 0xc1, 0xe8, 0xad, 0xdb, 0xc9, - 0x6a, 0xb0, 0x49, 0xfc, 0x78, 0x7a, 0x87, 0x8a, 0x37, 0xa6, 0x32, 0x06, 0x2f, 0xd4, 0x8b, 0x55, - 0xd1, 0x13, 0x57, 0xd2, 0x5c, 0x2e, 0xfa, 0x49, 0xb4, 0x33, 0xfd, 0xb0, 0x78, 0xbb, 0xd1, 0x2b, - 0x37, 0x57, 0x4d, 0x28, 0xce, 0x76, 0xea, 0xdc, 0xe7, 0x2d, 0x38, 0x9d, 0x47, 0x02, 0x9d, 0x80, - 0xf2, 0x26, 0xd9, 0xe1, 0x06, 0x1c, 0xa6, 0x3f, 0xd1, 0xcb, 0x50, 0xd9, 0x72, 0xbc, 0x36, 0x11, - 0xd6, 0xcd, 0xdc, 0xd1, 0x5e, 0x44, 0xf5, 0x0c, 0x73, 0xaa, 0xef, 0x2d, 0x3d, 0x6f, 0xd9, 0xbf, - 0x57, 0x86, 0x41, 0x43, 0xbf, 0xdd, 0x03, 0x8b, 0x2d, 0x48, 0x59, 0x6c, 0x8b, 0x85, 0xa9, 0xe6, - 0xae, 0x26, 0xdb, 0xed, 0x8c, 0xc9, 0xb6, 0x54, 0x1c, 0xcb, 0x3d, 0x6d, 0x36, 0x94, 0x40, 0x2d, - 0x08, 0xa9, 0xf5, 0x4e, 0x55, 0x7f, 0x5f, 0x11, 0x9f, 0x70, 0x49, 0x92, 0x9b, 0x1e, 0xbe, 0xb3, - 0x3b, 0x5e, 0x53, 0x7f, 0xb1, 0x66, 0x64, 0x7f, 0xc7, 0x82, 0xd3, 0x46, 0x1f, 0x67, 0x02, 0xbf, - 0xe1, 0xb2, 0x4f, 0x7b, 0x1e, 0xfa, 0x92, 0x9d, 0x50, 0xee, 0x10, 0xd4, 0x48, 0xad, 0xee, 0x84, - 0x04, 0x33, 0x08, 0x35, 0xf4, 0x5b, 0x24, 0x8e, 0x9d, 0x26, 0xc9, 0xee, 0x09, 0x16, 0x79, 0x33, - 0x96, 0x70, 0x14, 0x01, 0xf2, 0x9c, 0x38, 0x59, 0x8d, 0x1c, 0x3f, 0x66, 0xe4, 0x57, 0xdd, 0x16, - 0x11, 0x03, 0xfc, 0xff, 0xf5, 0x36, 0x63, 0xe8, 0x13, 0xd3, 0x0f, 0xdd, 0xd9, 0x1d, 0x47, 0x0b, - 0x1d, 0x94, 0x70, 0x0e, 0x75, 0xfb, 0x2b, 0x16, 0x3c, 0x94, 0x6f, 0x8b, 0xa1, 0x27, 0xa0, 0x9f, - 0x6f, 0x0f, 0xc5, 0xdb, 0xe9, 0x4f, 0xc2, 0x5a, 0xb1, 0x80, 0xa2, 0x49, 0xa8, 0x29, 0x3d, 0x21, - 0xde, 0xf1, 0xa4, 0x40, 0xad, 0x69, 0xe5, 0xa2, 0x71, 0xe8, 0xa0, 0xd1, 0x3f, 0xc2, 0x72, 0x53, - 0x83, 0xc6, 0xf6, 0x53, 0x0c, 0x62, 0xff, 0x07, 0x0b, 0x46, 0x8d, 0x5e, 0xdd, 0x03, 0xd3, 0xdc, - 0x4f, 0x9b, 0xe6, 0xf3, 0x85, 0xcd, 0xe7, 0x2e, 0xb6, 0xf9, 0x17, 0x2d, 0x38, 0x67, 0x60, 0x2d, - 0x3a, 0x49, 0x7d, 0xe3, 0xe2, 0x76, 0x18, 0x91, 0x98, 0x6e, 0xbd, 0xd1, 0xa3, 0x86, 0xdc, 0x9a, - 0x1e, 0x14, 0x14, 0xca, 0x57, 0xc9, 0x0e, 0x17, 0x62, 0x4f, 0x41, 0x95, 0x4f, 0xce, 0x20, 0x12, - 0x23, 0xae, 0xde, 0x6d, 0x49, 0xb4, 0x63, 0x85, 0x81, 0x6c, 0xe8, 0x67, 0xc2, 0x89, 0x2e, 0x56, - 0xaa, 0x86, 0x80, 0x7e, 0xc4, 0x1b, 0xac, 0x05, 0x0b, 0x88, 0x1d, 0xa7, 0xba, 0xb3, 0x1c, 0x11, - 0xf6, 0x71, 0x1b, 0x97, 0x5c, 0xe2, 0x35, 0x62, 0xba, 0x6d, 0x70, 0x7c, 0x3f, 0x48, 0xc4, 0x0e, - 0xc0, 0xd8, 0x36, 0x4c, 0xe9, 0x66, 0x6c, 0xe2, 0x50, 0xa6, 0x9e, 0xb3, 0x46, 0x3c, 0x3e, 0xa2, - 0x82, 0xe9, 0x02, 0x6b, 0xc1, 0x02, 0x62, 0xdf, 0x29, 0xb1, 0x0d, 0x8a, 0x5a, 0xfa, 0xe4, 0x5e, - 0xec, 0x6e, 0xa3, 0x94, 0xac, 0x5c, 0x2e, 0x4e, 0x70, 0x91, 0xee, 0x3b, 0xdc, 0xd7, 0x32, 0xe2, - 0x12, 0x17, 0xca, 0x75, 0xef, 0x5d, 0xee, 0x27, 0xcb, 0x30, 0x9e, 0x7e, 0xa0, 0x43, 0xda, 0xd2, - 0x2d, 0x95, 0xc1, 0x28, 0xeb, 0xef, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x45, 0x60, 0x95, 0x8e, 0x53, - 0x60, 0x99, 0xf2, 0xb4, 0xbc, 0x8f, 0x3c, 0x7d, 0x42, 0x8d, 0x7a, 0x5f, 0x46, 0x80, 0xa5, 0x75, - 0xca, 0x79, 0xe8, 0x8b, 0x13, 0x12, 0x8e, 0x55, 0xd2, 0xf2, 0x68, 0x25, 0x21, 0x21, 0x66, 0x10, - 0xf4, 0x3e, 0x18, 0x4d, 0x9c, 0xa8, 0x49, 0x92, 0x88, 0x6c, 0xb9, 0xcc, 0x37, 0xc6, 0xf6, 0x4b, - 0xb5, 0xe9, 0x53, 0xd4, 0x3c, 0x59, 0x65, 0x20, 0x2c, 0x41, 0x38, 0x8b, 0x6b, 0xff, 0xd7, 0x12, - 0x3c, 0x9c, 0xfe, 0x04, 0x5a, 0x83, 0x7c, 0x20, 0xa5, 0x41, 0xde, 0x65, 0x6a, 0x90, 0xbb, 0xbb, - 0xe3, 0x6f, 0xef, 0xf2, 0xd8, 0xf7, 0x8d, 0x82, 0x41, 0x73, 0x99, 0x8f, 0x30, 0x99, 0xfe, 0x08, - 0x77, 0x77, 0xc7, 0x1f, 0xed, 0xf2, 0x8e, 0x99, 0xaf, 0xf4, 0x04, 0xf4, 0x47, 0xc4, 0x89, 0x03, - 0x5f, 0x7c, 0x27, 0xf5, 0x35, 0x31, 0x6b, 0xc5, 0x02, 0x6a, 0xff, 0x41, 0x2d, 0x3b, 0xd8, 0x73, - 0xdc, 0xdf, 0x17, 0x44, 0xc8, 0x85, 0x3e, 0xb6, 0x2b, 0xe0, 0x92, 0xe5, 0xea, 0xd1, 0x56, 0x21, - 0xd5, 0x22, 0x8a, 0xf4, 0x74, 0x95, 0x7e, 0x35, 0xda, 0x84, 0x19, 0x0b, 0xb4, 0x0d, 0xd5, 0xba, - 0x34, 0xd6, 0x4b, 0x45, 0xb8, 0xb5, 0x84, 0xa9, 0xae, 0x39, 0x0e, 0x51, 0x71, 0xaf, 0x2c, 0x7c, - 0xc5, 0x0d, 0x11, 0x28, 0x37, 0xdd, 0x44, 0x7c, 0xd6, 0x23, 0x6e, 0xc7, 0xe6, 0x5c, 0xe3, 0x15, - 0x07, 0xa8, 0x0e, 0x9a, 0x73, 0x13, 0x4c, 0xe9, 0xa3, 0xcf, 0x5a, 0x30, 0x18, 0xd7, 0x5b, 0xcb, - 0x51, 0xb0, 0xe5, 0x36, 0x48, 0x24, 0x8c, 0xb1, 0x23, 0x4a, 0xb6, 0x95, 0x99, 0x45, 0x49, 0x50, - 0xf3, 0xe5, 0xdb, 0x63, 0x0d, 0xc1, 0x26, 0x5f, 0xba, 0x49, 0x79, 0x58, 0xbc, 0xfb, 0x2c, 0xa9, - 0xb3, 0x15, 0x27, 0xf7, 0x64, 0x6c, 0xa6, 0x1c, 0xd9, 0x38, 0x9d, 0x6d, 0xd7, 0x37, 0xe9, 0x7a, - 0xd3, 0x1d, 0x7a, 0xfb, 0x9d, 0xdd, 0xf1, 0x87, 0x67, 0xf2, 0x79, 0xe2, 0x6e, 0x9d, 0x61, 0x03, - 0x16, 0xb6, 0x3d, 0x0f, 0x93, 0x57, 0xdb, 0x84, 0x79, 0x5c, 0x0a, 0x18, 0xb0, 0x65, 0x4d, 0x30, - 0x33, 0x60, 0x06, 0x04, 0x9b, 0x7c, 0xd1, 0xab, 0xd0, 0xdf, 0x72, 0x92, 0xc8, 0xdd, 0x16, 0x6e, - 0x96, 0x23, 0x6e, 0x17, 0x16, 0x19, 0x2d, 0xcd, 0x9c, 0x29, 0x7a, 0xde, 0x88, 0x05, 0x23, 0xd4, - 0x82, 0x4a, 0x8b, 0x44, 0x4d, 0x32, 0x56, 0x2d, 0xc2, 0xa5, 0xbc, 0x48, 0x49, 0x69, 0x86, 0x35, - 0x6a, 0x5c, 0xb1, 0x36, 0xcc, 0xb9, 0xa0, 0x97, 0xa1, 0x1a, 0x13, 0x8f, 0xd4, 0xa9, 0x79, 0x54, - 0x63, 0x1c, 0xdf, 0xdd, 0xa3, 0xa9, 0x48, 0xed, 0x92, 0x15, 0xf1, 0x28, 0x5f, 0x60, 0xf2, 0x1f, - 0x56, 0x24, 0xe9, 0x00, 0x86, 0x5e, 0xbb, 0xe9, 0xfa, 0x63, 0x50, 0xc4, 0x00, 0x2e, 0x33, 0x5a, - 0x99, 0x01, 0xe4, 0x8d, 0x58, 0x30, 0xb2, 0xff, 0x93, 0x05, 0x28, 0x2d, 0xd4, 0xee, 0x81, 0x4d, - 0xfc, 0x6a, 0xda, 0x26, 0x5e, 0x28, 0xd2, 0x68, 0xe9, 0x62, 0x16, 0xff, 0x46, 0x0d, 0x32, 0xea, - 0xe0, 0x1a, 0x89, 0x13, 0xd2, 0x78, 0x4b, 0x84, 0xbf, 0x25, 0xc2, 0xdf, 0x12, 0xe1, 0x4a, 0x84, - 0xaf, 0x65, 0x44, 0xf8, 0xfb, 0x8d, 0x55, 0xaf, 0xcf, 0x6f, 0x5f, 0x51, 0x07, 0xbc, 0x66, 0x0f, - 0x0c, 0x04, 0x2a, 0x09, 0xae, 0xac, 0x2c, 0x5d, 0xcb, 0x95, 0xd9, 0xaf, 0xa4, 0x65, 0xf6, 0x51, - 0x59, 0xfc, 0xbf, 0x20, 0xa5, 0xff, 0x85, 0x05, 0xef, 0x48, 0x4b, 0x2f, 0x39, 0x73, 0xe6, 0x9b, - 0x7e, 0x10, 0x91, 0x59, 0x77, 0x7d, 0x9d, 0x44, 0xc4, 0xaf, 0x93, 0x58, 0x39, 0x41, 0xac, 0x6e, - 0x4e, 0x10, 0xf4, 0x2c, 0x0c, 0xdd, 0x8a, 0x03, 0x7f, 0x39, 0x70, 0x7d, 0x21, 0x82, 0xe8, 0x8e, - 0xe3, 0xc4, 0x9d, 0xdd, 0xf1, 0x21, 0x3a, 0xa2, 0xb2, 0x1d, 0xa7, 0xb0, 0xd0, 0x0c, 0x9c, 0xbc, - 0xf5, 0xea, 0xb2, 0x93, 0x18, 0xde, 0x04, 0xb9, 0xef, 0x67, 0xe7, 0x1d, 0x57, 0x5e, 0xcc, 0x00, - 0x71, 0x27, 0xbe, 0xfd, 0x37, 0x4a, 0x70, 0x36, 0xf3, 0x22, 0x81, 0xe7, 0x05, 0xed, 0x84, 0xee, - 0x89, 0xd0, 0xd7, 0x2c, 0x38, 0xd1, 0x4a, 0x3b, 0x2c, 0x62, 0xe1, 0x17, 0xfe, 0x60, 0x61, 0x3a, - 0x22, 0xe3, 0x11, 0x99, 0x1e, 0x13, 0x23, 0x74, 0x22, 0x03, 0x88, 0x71, 0x47, 0x5f, 0xd0, 0xcb, - 0x50, 0x6b, 0x39, 0xdb, 0xd7, 0xc3, 0x86, 0x93, 0xc8, 0xed, 0x68, 0x77, 0x2f, 0x42, 0x3b, 0x71, - 0xbd, 0x09, 0x1e, 0x19, 0x30, 0x31, 0xef, 0x27, 0x4b, 0xd1, 0x4a, 0x12, 0xb9, 0x7e, 0x93, 0x7b, - 0x03, 0x17, 0x25, 0x19, 0xac, 0x29, 0xda, 0x5f, 0xb5, 0xb2, 0x4a, 0x4a, 0x8d, 0x4e, 0xe4, 0x24, - 0xa4, 0xb9, 0x83, 0x3e, 0x06, 0x15, 0xba, 0x6f, 0x94, 0xa3, 0x72, 0xb3, 0x48, 0xcd, 0x69, 0x7c, - 0x09, 0xad, 0x44, 0xe9, 0xbf, 0x18, 0x73, 0xa6, 0xf6, 0xd7, 0x6a, 0x59, 0x63, 0x81, 0x9d, 0xfd, - 0x5e, 0x00, 0x68, 0x06, 0xab, 0xa4, 0x15, 0x7a, 0x74, 0x58, 0x2c, 0x76, 0x80, 0xa0, 0x5c, 0x25, - 0x73, 0x0a, 0x82, 0x0d, 0x2c, 0xf4, 0x97, 0x2c, 0x80, 0xa6, 0x9c, 0xf3, 0xd2, 0x10, 0xb8, 0x5e, - 0xe4, 0xeb, 0xe8, 0x15, 0xa5, 0xfb, 0xa2, 0x18, 0x62, 0x83, 0x39, 0xfa, 0x19, 0x0b, 0xaa, 0x89, - 0xec, 0x3e, 0x57, 0x8d, 0xab, 0x45, 0xf6, 0x44, 0xbe, 0xb4, 0xb6, 0x89, 0xd4, 0x90, 0x28, 0xbe, - 0xe8, 0x67, 0x2d, 0x80, 0x78, 0xc7, 0xaf, 0x2f, 0x07, 0x9e, 0x5b, 0xdf, 0x11, 0x1a, 0xf3, 0x46, - 0xa1, 0xee, 0x1c, 0x45, 0x7d, 0x7a, 0x84, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0x13, 0x50, - 0x8d, 0xc5, 0x74, 0x13, 0x3a, 0x72, 0xb5, 0x58, 0xa7, 0x12, 0xa7, 0x2d, 0xc4, 0xab, 0xf8, 0x87, - 0x15, 0x4f, 0xf4, 0xf3, 0x16, 0x8c, 0x86, 0x69, 0x37, 0xa1, 0x50, 0x87, 0xc5, 0xc9, 0x80, 0x8c, - 0x1b, 0x92, 0x7b, 0x5b, 0x32, 0x8d, 0x38, 0xdb, 0x0b, 0x2a, 0x01, 0xf5, 0x0c, 0x5e, 0x0a, 0xb9, - 0xcb, 0x72, 0x40, 0x4b, 0xc0, 0xb9, 0x2c, 0x10, 0x77, 0xe2, 0xa3, 0x65, 0x38, 0x4d, 0x7b, 0xb7, - 0xc3, 0xcd, 0x4f, 0xa9, 0x5e, 0x62, 0xa6, 0x0c, 0xab, 0xd3, 0x8f, 0x88, 0x19, 0xc2, 0x0e, 0x05, - 0xb2, 0x38, 0x38, 0xf7, 0x49, 0xf4, 0x7b, 0x16, 0x3c, 0xe2, 0x32, 0x35, 0x60, 0xfa, 0xdb, 0xb5, - 0x46, 0x10, 0x07, 0xb9, 0xa4, 0x50, 0x59, 0xd1, 0x4d, 0xfd, 0x4c, 0xff, 0xb0, 0x78, 0x83, 0x47, - 0xe6, 0xf7, 0xe8, 0x12, 0xde, 0xb3, 0xc3, 0xe8, 0xc7, 0x60, 0x58, 0xae, 0x8b, 0x65, 0x2a, 0x82, - 0x99, 0xa2, 0xad, 0x4d, 0x9f, 0xbc, 0xb3, 0x3b, 0x3e, 0xbc, 0x6a, 0x02, 0x70, 0x1a, 0xcf, 0xfe, - 0x57, 0xe5, 0xd4, 0x71, 0x8a, 0xf2, 0x61, 0x32, 0x71, 0x53, 0x97, 0xfe, 0x1f, 0x29, 0x3d, 0x0b, - 0x15, 0x37, 0xca, 0xbb, 0xa4, 0xc5, 0x8d, 0x6a, 0x8a, 0xb1, 0xc1, 0x9c, 0x1a, 0xa5, 0x27, 0x9d, - 0xac, 0xa7, 0x54, 0x48, 0xc0, 0x97, 0x8b, 0xec, 0x52, 0xe7, 0xe1, 0xd7, 0x59, 0xd1, 0xb5, 0x93, - 0x1d, 0x20, 0xdc, 0xd9, 0x25, 0xf4, 0x71, 0xa8, 0x45, 0x2a, 0x72, 0xa2, 0x5c, 0xc4, 0x56, 0x4d, - 0x4e, 0x1b, 0xd1, 0x1d, 0x75, 0x9a, 0xa3, 0x63, 0x24, 0x34, 0x47, 0xfb, 0x77, 0xd2, 0x27, 0x48, - 0x86, 0xec, 0xe8, 0xe1, 0x74, 0xec, 0x4b, 0x16, 0x0c, 0x46, 0x81, 0xe7, 0xb9, 0x7e, 0x93, 0xca, - 0x39, 0xa1, 0xac, 0x3f, 0x7c, 0x2c, 0xfa, 0x52, 0x08, 0x34, 0x66, 0x59, 0x63, 0xcd, 0x13, 0x9b, - 0x1d, 0xb0, 0xff, 0xd4, 0x82, 0xb1, 0x6e, 0xf2, 0x18, 0x11, 0x78, 0xbb, 0x14, 0x36, 0x6a, 0x28, - 0x96, 0xfc, 0x59, 0xe2, 0x11, 0xe5, 0x36, 0xaf, 0x4e, 0x3f, 0x2e, 0x5e, 0xf3, 0xed, 0xcb, 0xdd, - 0x51, 0xf1, 0x5e, 0x74, 0xd0, 0x4b, 0x70, 0xc2, 0x78, 0xaf, 0x58, 0x0d, 0x4c, 0x6d, 0x7a, 0x82, - 0x1a, 0x40, 0x53, 0x19, 0xd8, 0xdd, 0xdd, 0xf1, 0x87, 0xb2, 0x6d, 0x42, 0x61, 0x74, 0xd0, 0xb1, - 0x7f, 0xa5, 0x94, 0xfd, 0x5a, 0x4a, 0xd7, 0xbf, 0x69, 0x75, 0x78, 0x13, 0x3e, 0x78, 0x1c, 0xfa, - 0x95, 0xf9, 0x1d, 0x54, 0xf8, 0x49, 0x77, 0x9c, 0xfb, 0x78, 0xbe, 0x6d, 0xff, 0xeb, 0x3e, 0xd8, - 0xa3, 0x67, 0x3d, 0x18, 0xef, 0x07, 0x3e, 0x14, 0xfd, 0x82, 0xa5, 0x0e, 0xcc, 0xf8, 0x1a, 0x6e, - 0x1c, 0xd7, 0xd8, 0xf3, 0xfd, 0x53, 0xcc, 0x63, 0x2c, 0x94, 0x17, 0x3d, 0x7d, 0x34, 0x87, 0xbe, - 0x6e, 0xa5, 0x8f, 0xfc, 0x78, 0xd0, 0x9c, 0x7b, 0x6c, 0x7d, 0x32, 0xce, 0x11, 0x79, 0xc7, 0xf4, - 0xe9, 0x53, 0xb7, 0x13, 0xc6, 0x09, 0x80, 0x75, 0xd7, 0x77, 0x3c, 0xf7, 0x35, 0xba, 0x3b, 0xaa, - 0x30, 0x05, 0xcf, 0x2c, 0xa6, 0x4b, 0xaa, 0x15, 0x1b, 0x18, 0xe7, 0xfe, 0x7f, 0x18, 0x34, 0xde, - 0x3c, 0x27, 0x34, 0xe4, 0xb4, 0x19, 0x1a, 0x52, 0x33, 0x22, 0x3a, 0xce, 0xbd, 0x1f, 0x4e, 0x64, - 0x3b, 0x78, 0x90, 0xe7, 0xed, 0xff, 0x39, 0x90, 0x3d, 0x83, 0x5b, 0x25, 0x51, 0x8b, 0x76, 0xed, - 0x2d, 0xc7, 0xd6, 0x5b, 0x8e, 0xad, 0xb7, 0x1c, 0x5b, 0xe6, 0xd9, 0x84, 0x70, 0xda, 0x0c, 0xdc, - 0x23, 0xa7, 0x4d, 0xca, 0x0d, 0x55, 0x2d, 0xdc, 0x0d, 0x65, 0x7f, 0xb6, 0xc3, 0x73, 0xbf, 0x1a, - 0x11, 0x82, 0x02, 0xa8, 0xf8, 0x41, 0x83, 0x48, 0x1b, 0xf7, 0x4a, 0x31, 0x06, 0xdb, 0xb5, 0xa0, - 0x61, 0x84, 0x23, 0xd3, 0x7f, 0x31, 0xe6, 0x7c, 0xec, 0x3b, 0x15, 0x48, 0x99, 0x93, 0xfc, 0xbb, - 0xbf, 0x13, 0x06, 0x22, 0x12, 0x06, 0xd7, 0xf1, 0x82, 0xd0, 0x65, 0x3a, 0x63, 0x81, 0x37, 0x63, - 0x09, 0xa7, 0x3a, 0x2f, 0x74, 0x92, 0x0d, 0xa1, 0xcc, 0x94, 0xce, 0x5b, 0x76, 0x92, 0x0d, 0xcc, - 0x20, 0xe8, 0xfd, 0x30, 0x92, 0xa4, 0x8e, 0xc2, 0xc5, 0x91, 0xef, 0x43, 0x02, 0x77, 0x24, 0x7d, - 0x50, 0x8e, 0x33, 0xd8, 0xe8, 0x55, 0xe8, 0xdb, 0x20, 0x5e, 0x4b, 0x7c, 0xfa, 0x95, 0xe2, 0x74, - 0x0d, 0x7b, 0xd7, 0xcb, 0xc4, 0x6b, 0x71, 0x49, 0x48, 0x7f, 0x61, 0xc6, 0x8a, 0xce, 0xfb, 0xda, - 0x66, 0x3b, 0x4e, 0x82, 0x96, 0xfb, 0x9a, 0xf4, 0x74, 0x7e, 0xb0, 0x60, 0xc6, 0x57, 0x25, 0x7d, - 0xee, 0x52, 0x52, 0x7f, 0xb1, 0xe6, 0xcc, 0xfa, 0xd1, 0x70, 0x23, 0x36, 0x65, 0x76, 0x84, 0xc3, - 0xb2, 0xe8, 0x7e, 0xcc, 0x4a, 0xfa, 0xbc, 0x1f, 0xea, 0x2f, 0xd6, 0x9c, 0xd1, 0x8e, 0x5a, 0x7f, - 0x83, 0xac, 0x0f, 0xd7, 0x0b, 0xee, 0x03, 0x5f, 0x7b, 0xb9, 0xeb, 0xf0, 0x71, 0xa8, 0xd4, 0x37, - 0x9c, 0x28, 0x19, 0x1b, 0x62, 0x93, 0x46, 0xcd, 0xe2, 0x19, 0xda, 0x88, 0x39, 0x0c, 0x3d, 0x0a, - 0xe5, 0x88, 0xac, 0xb3, 0xe8, 0x57, 0x23, 0x2e, 0x0a, 0x93, 0x75, 0x4c, 0xdb, 0xed, 0x5f, 0x2a, - 0xa5, 0xcd, 0xb6, 0xf4, 0x7b, 0xf3, 0xd9, 0x5e, 0x6f, 0x47, 0xb1, 0x74, 0x7f, 0x19, 0xb3, 0x9d, - 0x35, 0x63, 0x09, 0x47, 0x9f, 0xb2, 0x60, 0xe0, 0x56, 0x1c, 0xf8, 0x3e, 0x49, 0x84, 0x8a, 0xbc, - 0x51, 0xf0, 0x50, 0x5c, 0xe1, 0xd4, 0x75, 0x1f, 0x44, 0x03, 0x96, 0x7c, 0x69, 0x77, 0xc9, 0x76, - 0xdd, 0x6b, 0x37, 0x3a, 0x42, 0x5d, 0x2e, 0xf2, 0x66, 0x2c, 0xe1, 0x14, 0xd5, 0xf5, 0x39, 0x6a, - 0x5f, 0x1a, 0x75, 0xde, 0x17, 0xa8, 0x02, 0x6e, 0xff, 0xb5, 0x7e, 0x38, 0x93, 0xbb, 0x38, 0xa8, - 0x41, 0xc5, 0x4c, 0x96, 0x4b, 0xae, 0x47, 0x64, 0x90, 0x17, 0x33, 0xa8, 0x6e, 0xa8, 0x56, 0x6c, - 0x60, 0xa0, 0x9f, 0x06, 0x08, 0x9d, 0xc8, 0x69, 0x11, 0xe5, 0x9e, 0x3e, 0xb2, 0xdd, 0x42, 0xfb, - 0xb1, 0x2c, 0x69, 0xea, 0x2d, 0xba, 0x6a, 0x8a, 0xb1, 0xc1, 0x12, 0x3d, 0x07, 0x83, 0x11, 0xf1, - 0x88, 0x13, 0xb3, 0xe0, 0xe9, 0x6c, 0x26, 0x08, 0xd6, 0x20, 0x6c, 0xe2, 0xa1, 0x27, 0x54, 0x3c, - 0x5c, 0x26, 0x2e, 0x28, 0x1d, 0x13, 0x87, 0x5e, 0xb7, 0x60, 0x64, 0xdd, 0xf5, 0x88, 0xe6, 0x2e, - 0xf2, 0x36, 0x96, 0x8e, 0xfe, 0x92, 0x97, 0x4c, 0xba, 0x5a, 0x42, 0xa6, 0x9a, 0x63, 0x9c, 0x61, - 0x4f, 0x3f, 0xf3, 0x16, 0x89, 0x98, 0x68, 0xed, 0x4f, 0x7f, 0xe6, 0x1b, 0xbc, 0x19, 0x4b, 0x38, - 0x9a, 0x82, 0xd1, 0xd0, 0x89, 0xe3, 0x99, 0x88, 0x34, 0x88, 0x9f, 0xb8, 0x8e, 0xc7, 0xb3, 0x2a, - 0xaa, 0x3a, 0xaa, 0x7a, 0x39, 0x0d, 0xc6, 0x59, 0x7c, 0xf4, 0x21, 0x78, 0x98, 0xfb, 0x7f, 0x16, - 0xdd, 0x38, 0x76, 0xfd, 0xa6, 0x9e, 0x06, 0xc2, 0x0d, 0x36, 0x2e, 0x48, 0x3d, 0x3c, 0x9f, 0x8f, - 0x86, 0xbb, 0x3d, 0x8f, 0x9e, 0x82, 0x6a, 0xbc, 0xe9, 0x86, 0x33, 0x51, 0x23, 0x66, 0x67, 0x3f, - 0x55, 0xed, 0x74, 0x5d, 0x11, 0xed, 0x58, 0x61, 0xa0, 0x3a, 0x0c, 0xf1, 0x4f, 0xc2, 0x03, 0xfa, - 0x84, 0x7c, 0x7c, 0xba, 0xab, 0x9a, 0x16, 0x49, 0x82, 0x13, 0xd8, 0xb9, 0x7d, 0x51, 0x9e, 0x44, - 0xf1, 0x83, 0x93, 0x1b, 0x06, 0x19, 0x9c, 0x22, 0x6a, 0xff, 0x42, 0x29, 0xbd, 0xf3, 0x37, 0x17, - 0x29, 0x8a, 0xe9, 0x52, 0x4c, 0x6e, 0x38, 0x91, 0x54, 0xd8, 0x47, 0x4c, 0xfe, 0x10, 0x74, 0x6f, - 0x38, 0x91, 0xb9, 0xa8, 0x19, 0x03, 0x2c, 0x39, 0xa1, 0x5b, 0xd0, 0x97, 0x78, 0x4e, 0x41, 0xd9, - 0x62, 0x06, 0x47, 0xed, 0x88, 0x59, 0x98, 0x8a, 0x31, 0xe3, 0x81, 0x1e, 0xa1, 0xbb, 0x8f, 0x35, - 0x79, 0x52, 0x24, 0x36, 0x0c, 0x6b, 0x31, 0x66, 0xad, 0xf6, 0xb7, 0x06, 0x73, 0xe4, 0xaa, 0x52, - 0x64, 0xe8, 0x02, 0x00, 0xdd, 0xc8, 0x2e, 0x47, 0x64, 0xdd, 0xdd, 0x16, 0x86, 0x84, 0x5a, 0xbb, - 0xd7, 0x14, 0x04, 0x1b, 0x58, 0xf2, 0x99, 0x95, 0xf6, 0x3a, 0x7d, 0xa6, 0xd4, 0xf9, 0x0c, 0x87, - 0x60, 0x03, 0x0b, 0x3d, 0x0b, 0xfd, 0x6e, 0xcb, 0x69, 0xaa, 0x40, 0xd6, 0x47, 0xe8, 0xa2, 0x9d, - 0x67, 0x2d, 0x77, 0x77, 0xc7, 0x47, 0x54, 0x87, 0x58, 0x13, 0x16, 0xb8, 0xe8, 0x57, 0x2c, 0x18, - 0xaa, 0x07, 0xad, 0x56, 0xe0, 0xf3, 0xed, 0x9f, 0xd8, 0xcb, 0xde, 0x3a, 0x2e, 0x35, 0x3f, 0x31, - 0x63, 0x30, 0xe3, 0x9b, 0x59, 0x95, 0xd6, 0x66, 0x82, 0x70, 0xaa, 0x57, 0xe6, 0xda, 0xae, 0xec, - 0xb3, 0xb6, 0x7f, 0xdd, 0x82, 0x93, 0xfc, 0x59, 0x63, 0x57, 0x2a, 0x32, 0xb8, 0x82, 0x63, 0x7e, - 0xad, 0x8e, 0x8d, 0xba, 0x72, 0x56, 0x76, 0xc0, 0x71, 0x67, 0x27, 0xd1, 0x1c, 0x9c, 0x5c, 0x0f, - 0xa2, 0x3a, 0x31, 0x07, 0x42, 0x08, 0x26, 0x45, 0xe8, 0x52, 0x16, 0x01, 0x77, 0x3e, 0x83, 0x6e, - 0xc0, 0x43, 0x46, 0xa3, 0x39, 0x0e, 0x5c, 0x36, 0x3d, 0x26, 0xa8, 0x3d, 0x74, 0x29, 0x17, 0x0b, - 0x77, 0x79, 0x9a, 0x1a, 0xb1, 0x0c, 0xa2, 0x9c, 0x34, 0x42, 0x3e, 0x69, 0x11, 0x9d, 0x82, 0xe2, - 0x0c, 0x76, 0xda, 0xf1, 0x03, 0x3d, 0x38, 0x7e, 0x5e, 0x81, 0xb3, 0xf5, 0xce, 0x91, 0xdd, 0x8a, - 0xdb, 0x6b, 0x2c, 0x7d, 0x89, 0xf2, 0xfe, 0x21, 0x41, 0xe0, 0xec, 0x4c, 0x37, 0x44, 0xdc, 0x9d, - 0x06, 0xfa, 0x18, 0x54, 0x23, 0xc2, 0xbe, 0x2a, 0xcf, 0x43, 0x3a, 0xf2, 0x6e, 0x5f, 0x5b, 0xb0, - 0x9c, 0xac, 0x96, 0xdd, 0xa2, 0x21, 0xc6, 0x8a, 0x23, 0xba, 0x0d, 0x03, 0xa1, 0x93, 0xd4, 0x37, - 0x48, 0x3c, 0x36, 0x5c, 0x84, 0x6f, 0x5a, 0x31, 0x67, 0x47, 0x09, 0x46, 0xda, 0x34, 0x67, 0x82, - 0x25, 0x37, 0x6a, 0xcd, 0xd4, 0x83, 0x56, 0x18, 0xf8, 0xc4, 0x4f, 0xe2, 0xb1, 0x11, 0x6d, 0xcd, - 0xcc, 0xa8, 0x56, 0x6c, 0x60, 0xa0, 0x65, 0x38, 0xcd, 0x7c, 0x5f, 0x37, 0xdd, 0x64, 0x23, 0x68, - 0x27, 0x72, 0x2b, 0x37, 0x36, 0x9a, 0x3e, 0xf1, 0x59, 0xc8, 0xc1, 0xc1, 0xb9, 0x4f, 0x9e, 0xfb, - 0x00, 0x9c, 0xec, 0x10, 0x05, 0x07, 0x72, 0x3b, 0xcd, 0xc2, 0x43, 0xf9, 0x8b, 0xee, 0x40, 0xce, - 0xa7, 0x7f, 0x94, 0x89, 0x3e, 0x36, 0x0c, 0xf1, 0x1e, 0x1c, 0x99, 0x0e, 0x94, 0x89, 0xbf, 0x25, - 0x74, 0xd0, 0xa5, 0xa3, 0x7d, 0xbb, 0x8b, 0xfe, 0x16, 0x97, 0x19, 0xcc, 0x5b, 0x73, 0xd1, 0xdf, - 0xc2, 0x94, 0x36, 0x7a, 0xc3, 0x4a, 0x19, 0x92, 0xdc, 0xfd, 0xf9, 0x91, 0x63, 0xd9, 0x79, 0xf4, - 0x6c, 0x5b, 0xda, 0xbf, 0x5b, 0x82, 0xf3, 0xfb, 0x11, 0xe9, 0x61, 0xf8, 0x1e, 0x87, 0xfe, 0x98, - 0xc5, 0x13, 0x08, 0xa1, 0x3e, 0x48, 0xe7, 0x2a, 0x8f, 0x30, 0x78, 0x05, 0x0b, 0x10, 0xf2, 0xa0, - 0xdc, 0x72, 0x42, 0xe1, 0x15, 0x9b, 0x3f, 0x6a, 0x3a, 0x13, 0xfd, 0xef, 0x78, 0x8b, 0x4e, 0xc8, - 0x7d, 0x2d, 0x46, 0x03, 0xa6, 0x6c, 0x50, 0x02, 0x15, 0x27, 0x8a, 0x1c, 0x79, 0x78, 0x7d, 0xb5, - 0x18, 0x7e, 0x53, 0x94, 0x24, 0x3f, 0xfb, 0x4b, 0x35, 0x61, 0xce, 0xcc, 0xfe, 0xc2, 0x40, 0x2a, - 0xa5, 0x87, 0x45, 0x24, 0xc4, 0xd0, 0x2f, 0x9c, 0x61, 0x56, 0xd1, 0x59, 0x64, 0x3c, 0x27, 0x93, - 0xed, 0x33, 0x45, 0x66, 0xbb, 0x60, 0x85, 0x3e, 0x6f, 0xb1, 0xfc, 0x71, 0x99, 0xe6, 0x24, 0x76, - 0x77, 0xc7, 0x93, 0xce, 0x6e, 0x66, 0xa5, 0xcb, 0x46, 0x6c, 0x72, 0x17, 0x75, 0x20, 0x98, 0x55, - 0xdb, 0x59, 0x07, 0x82, 0x59, 0xa9, 0x12, 0x8e, 0xb6, 0x73, 0x22, 0x0f, 0x0a, 0xc8, 0x41, 0xee, - 0x21, 0xd6, 0xe0, 0xeb, 0x16, 0x9c, 0x74, 0xb3, 0x47, 0xc8, 0x62, 0x2f, 0x74, 0xb3, 0x18, 0xcf, - 0x55, 0xe7, 0x09, 0xb5, 0x32, 0x07, 0x3a, 0x40, 0xb8, 0xb3, 0x33, 0xa8, 0x01, 0x7d, 0xae, 0xbf, - 0x1e, 0x08, 0x23, 0x68, 0xfa, 0x68, 0x9d, 0x9a, 0xf7, 0xd7, 0x03, 0xbd, 0x9a, 0xe9, 0x3f, 0xcc, - 0xa8, 0xa3, 0x05, 0x38, 0x2d, 0xb3, 0x3a, 0x2e, 0xbb, 0x71, 0x12, 0x44, 0x3b, 0x0b, 0x6e, 0xcb, - 0x4d, 0x98, 0x01, 0x53, 0x9e, 0x1e, 0xa3, 0xfa, 0x01, 0xe7, 0xc0, 0x71, 0xee, 0x53, 0xe8, 0x35, - 0x18, 0x90, 0xc7, 0xb6, 0xd5, 0x22, 0xf6, 0x95, 0x9d, 0xf3, 0x5f, 0x4d, 0xa6, 0x15, 0x71, 0x6e, - 0x2b, 0x19, 0xda, 0xaf, 0x0f, 0x42, 0xe7, 0xe9, 0x72, 0xfa, 0x28, 0xd9, 0xba, 0xd7, 0x47, 0xc9, - 0x74, 0xc3, 0x13, 0xeb, 0x53, 0xe0, 0x02, 0xe6, 0xb6, 0xe0, 0xaa, 0x4f, 0xf8, 0x76, 0xfc, 0x3a, - 0x66, 0x3c, 0x50, 0x04, 0xfd, 0x1b, 0xc4, 0xf1, 0x92, 0x8d, 0x62, 0x0e, 0x23, 0x2e, 0x33, 0x5a, - 0xd9, 0x54, 0x2c, 0xde, 0x8a, 0x05, 0x27, 0xb4, 0x0d, 0x03, 0x1b, 0x7c, 0x02, 0x88, 0x3d, 0xc8, - 0xe2, 0x51, 0x07, 0x37, 0x35, 0xab, 0xf4, 0xe7, 0x16, 0x0d, 0x58, 0xb2, 0x63, 0x61, 0x4b, 0x46, - 0x60, 0x05, 0x5f, 0xba, 0xc5, 0x65, 0xa1, 0xf5, 0x1e, 0x55, 0xf1, 0x51, 0x18, 0x8a, 0x48, 0x3d, - 0xf0, 0xeb, 0xae, 0x47, 0x1a, 0x53, 0xf2, 0xa0, 0xe1, 0x20, 0xc9, 0x47, 0x6c, 0x1f, 0x8f, 0x0d, - 0x1a, 0x38, 0x45, 0x11, 0x7d, 0xce, 0x82, 0x11, 0x95, 0xb9, 0x4b, 0x3f, 0x08, 0x11, 0x0e, 0xe5, - 0x85, 0x82, 0xf2, 0x84, 0x19, 0xcd, 0x69, 0x44, 0xf7, 0x02, 0xe9, 0x36, 0x9c, 0xe1, 0x8b, 0x5e, - 0x02, 0x08, 0xd6, 0x78, 0x6c, 0xd2, 0x54, 0x22, 0xbc, 0xcb, 0x07, 0x79, 0xd5, 0x11, 0x9e, 0xc4, - 0x28, 0x29, 0x60, 0x83, 0x1a, 0xba, 0x0a, 0xc0, 0x97, 0xcd, 0xea, 0x4e, 0xc8, 0xf7, 0x28, 0x3a, - 0x7b, 0x0c, 0x56, 0x14, 0xe4, 0xee, 0xee, 0x78, 0xa7, 0xb7, 0x8f, 0x05, 0x60, 0x18, 0x8f, 0xa3, - 0x9f, 0x82, 0x81, 0xb8, 0xdd, 0x6a, 0x39, 0xca, 0xf7, 0x5c, 0x60, 0x5a, 0x24, 0xa7, 0x6b, 0x88, - 0x22, 0xde, 0x80, 0x25, 0x47, 0x74, 0x8b, 0x0a, 0xd5, 0x58, 0xb8, 0x21, 0xd9, 0x2a, 0xe2, 0x36, - 0xc1, 0x20, 0x7b, 0xa7, 0xf7, 0x48, 0xc3, 0x1b, 0xe7, 0xe0, 0xdc, 0xdd, 0x1d, 0x7f, 0x28, 0xdd, - 0xbe, 0x10, 0x88, 0x44, 0xc5, 0x5c, 0x9a, 0xe8, 0x8a, 0xac, 0x7f, 0x43, 0x5f, 0x5b, 0x96, 0x65, - 0x78, 0x52, 0xd7, 0xbf, 0x61, 0xcd, 0xdd, 0xc7, 0xcc, 0x7c, 0x18, 0x2d, 0xc2, 0xa9, 0x7a, 0xe0, - 0x27, 0x51, 0xe0, 0x79, 0xbc, 0xfe, 0x13, 0xdf, 0xf3, 0x71, 0xdf, 0xf4, 0xdb, 0x45, 0xb7, 0x4f, - 0xcd, 0x74, 0xa2, 0xe0, 0xbc, 0xe7, 0x6c, 0x3f, 0x7d, 0x4e, 0x24, 0x06, 0xe7, 0x59, 0x18, 0x22, - 0xdb, 0x09, 0x89, 0x7c, 0xc7, 0xbb, 0x8e, 0x17, 0xa4, 0x57, 0x96, 0xad, 0x81, 0x8b, 0x46, 0x3b, - 0x4e, 0x61, 0x21, 0x5b, 0x39, 0x4a, 0x8c, 0xe4, 0x5b, 0xee, 0x28, 0x91, 0x6e, 0x11, 0xfb, 0x7f, - 0x95, 0x52, 0x06, 0xd9, 0x7d, 0x39, 0x95, 0x62, 0x55, 0x44, 0x64, 0xb9, 0x15, 0x06, 0x10, 0x1b, - 0x8d, 0x22, 0x39, 0xab, 0x2a, 0x22, 0x4b, 0x26, 0x23, 0x9c, 0xe6, 0x8b, 0x36, 0xa1, 0xb2, 0x11, - 0xc4, 0x89, 0xdc, 0x7e, 0x1c, 0x71, 0xa7, 0x73, 0x39, 0x88, 0x13, 0x66, 0x45, 0xa8, 0xd7, 0xa6, - 0x2d, 0x31, 0xe6, 0x3c, 0xec, 0xff, 0x6c, 0xa5, 0x7c, 0xf0, 0x37, 0x59, 0x00, 0xf3, 0x16, 0xf1, - 0xe9, 0xb2, 0x36, 0x43, 0xa6, 0x7e, 0x2c, 0x93, 0x0e, 0xfa, 0x8e, 0x6e, 0xe5, 0xcd, 0x6e, 0x53, - 0x0a, 0x13, 0x8c, 0x84, 0x11, 0x5d, 0xf5, 0x49, 0x2b, 0x9d, 0xd7, 0x5b, 0x2a, 0x62, 0x83, 0x61, - 0xe6, 0xb6, 0xef, 0x9b, 0x22, 0x6c, 0xbf, 0x61, 0xc1, 0xc0, 0xb4, 0x53, 0xdf, 0x0c, 0xd6, 0xd7, - 0xd1, 0x53, 0x50, 0x6d, 0xb4, 0x23, 0x33, 0xc5, 0x58, 0x39, 0x0e, 0x66, 0x45, 0x3b, 0x56, 0x18, - 0x74, 0x0e, 0xaf, 0x3b, 0x75, 0x99, 0xe1, 0x5e, 0xe6, 0x73, 0xf8, 0x12, 0x6b, 0xc1, 0x02, 0x82, - 0x9e, 0x83, 0xc1, 0x96, 0xb3, 0x2d, 0x1f, 0xce, 0x1e, 0x00, 0x2c, 0x6a, 0x10, 0x36, 0xf1, 0xec, - 0x7f, 0x6e, 0xc1, 0xd8, 0xb4, 0x13, 0xbb, 0xf5, 0xa9, 0x76, 0xb2, 0x31, 0xed, 0x26, 0x6b, 0xed, - 0xfa, 0x26, 0x49, 0x78, 0x59, 0x03, 0xda, 0xcb, 0x76, 0x4c, 0x97, 0x92, 0xda, 0xd7, 0xa9, 0x5e, - 0x5e, 0x17, 0xed, 0x58, 0x61, 0xa0, 0xd7, 0x60, 0x30, 0x74, 0xe2, 0xf8, 0x76, 0x10, 0x35, 0x30, - 0x59, 0x2f, 0xa6, 0xa8, 0xc8, 0x0a, 0xa9, 0x47, 0x24, 0xc1, 0x64, 0x5d, 0x1c, 0x96, 0x6b, 0xfa, - 0xd8, 0x64, 0x66, 0x7f, 0xc9, 0x82, 0xb3, 0xd3, 0xc4, 0x89, 0x48, 0xc4, 0x6a, 0x90, 0xa8, 0x17, - 0x99, 0xf1, 0x82, 0x76, 0x03, 0xbd, 0x0a, 0xd5, 0x84, 0x36, 0xd3, 0x6e, 0x59, 0xc5, 0x76, 0x8b, - 0x9d, 0x75, 0xaf, 0x0a, 0xe2, 0x58, 0xb1, 0xb1, 0xff, 0xba, 0x05, 0x43, 0xec, 0xb8, 0x6e, 0x96, - 0x24, 0x8e, 0xeb, 0x75, 0x94, 0xea, 0xb2, 0x7a, 0x2c, 0xd5, 0x75, 0x1e, 0xfa, 0x36, 0x82, 0x16, - 0xc9, 0x1e, 0x35, 0x5f, 0x0e, 0xe8, 0xb6, 0x9a, 0x42, 0xd0, 0x33, 0xf4, 0xc3, 0xbb, 0x7e, 0xe2, - 0xd0, 0x25, 0x20, 0xdd, 0xc1, 0xa3, 0xfc, 0xa3, 0xab, 0x66, 0x6c, 0xe2, 0xd8, 0xff, 0xac, 0x06, - 0x03, 0x22, 0x2e, 0xa2, 0xe7, 0xd2, 0x16, 0x72, 0x7f, 0x5f, 0xea, 0xba, 0xbf, 0x8f, 0xa1, 0xbf, - 0xce, 0x6a, 0x06, 0x0a, 0x33, 0xf2, 0x6a, 0x21, 0x81, 0x34, 0xbc, 0x0c, 0xa1, 0xee, 0x16, 0xff, - 0x8f, 0x05, 0x2b, 0xf4, 0x65, 0x0b, 0x46, 0xeb, 0x81, 0xef, 0x93, 0xba, 0xb6, 0x71, 0xfa, 0x8a, - 0x88, 0x97, 0x98, 0x49, 0x13, 0xd5, 0x67, 0x45, 0x19, 0x00, 0xce, 0xb2, 0x47, 0x2f, 0xc0, 0x30, - 0x1f, 0xb3, 0x1b, 0x29, 0x1f, 0xb6, 0xae, 0xe0, 0x64, 0x02, 0x71, 0x1a, 0x17, 0x4d, 0xf0, 0xb3, - 0x00, 0x51, 0x2b, 0xa9, 0x5f, 0xbb, 0xea, 0x8c, 0x2a, 0x49, 0x06, 0x06, 0x8a, 0x00, 0x45, 0x64, - 0x3d, 0x22, 0xf1, 0x86, 0x88, 0x1b, 0x61, 0xf6, 0xd5, 0xc0, 0xe1, 0xf2, 0xd8, 0x71, 0x07, 0x25, - 0x9c, 0x43, 0x1d, 0x6d, 0x8a, 0x0d, 0x66, 0xb5, 0x08, 0x19, 0x2a, 0x3e, 0x73, 0xd7, 0x7d, 0xe6, - 0x38, 0x54, 0xe2, 0x0d, 0x27, 0x6a, 0x30, 0xbb, 0xae, 0xcc, 0x73, 0xa7, 0x56, 0x68, 0x03, 0xe6, - 0xed, 0x68, 0x16, 0x4e, 0x64, 0xea, 0x4f, 0xc5, 0xcc, 0x72, 0xab, 0xea, 0x3c, 0x99, 0x4c, 0xe5, - 0xaa, 0x18, 0x77, 0x3c, 0x61, 0x3a, 0x1f, 0x06, 0xf7, 0x71, 0x3e, 0xec, 0xa8, 0xe8, 0x44, 0xee, - 0x42, 0x7e, 0xb1, 0x90, 0x01, 0xe8, 0x29, 0x14, 0xf1, 0x8b, 0x99, 0x50, 0x44, 0xee, 0x46, 0xbe, - 0x51, 0x4c, 0x07, 0x0e, 0x1e, 0x77, 0x78, 0x3f, 0xe3, 0x08, 0xff, 0xc2, 0x02, 0xf9, 0x5d, 0x67, - 0x9c, 0xfa, 0x06, 0xa1, 0x53, 0x06, 0xbd, 0x1f, 0x46, 0xd4, 0x16, 0x7a, 0x26, 0x68, 0xfb, 0x3c, - 0x84, 0xb0, 0xac, 0x4f, 0x2c, 0x70, 0x0a, 0x8a, 0x33, 0xd8, 0x68, 0x12, 0x6a, 0x74, 0x9c, 0xf8, - 0xa3, 0x5c, 0xd7, 0xaa, 0x6d, 0xfa, 0xd4, 0xf2, 0xbc, 0x78, 0x4a, 0xe3, 0xa0, 0x00, 0x4e, 0x7a, - 0x4e, 0x9c, 0xb0, 0x1e, 0xd0, 0x1d, 0xf5, 0x21, 0xab, 0x48, 0xb0, 0x64, 0x8c, 0x85, 0x2c, 0x21, - 0xdc, 0x49, 0xdb, 0xfe, 0x37, 0x15, 0x18, 0x4e, 0x49, 0xc6, 0x03, 0x2a, 0xe9, 0xa7, 0xa0, 0x2a, - 0xf5, 0x66, 0xb6, 0x5c, 0x8e, 0x52, 0xae, 0x0a, 0x83, 0x2a, 0xad, 0x35, 0xad, 0x55, 0xb3, 0x46, - 0x85, 0xa1, 0x70, 0xb1, 0x89, 0xc7, 0x84, 0x72, 0xe2, 0xc5, 0x33, 0x9e, 0x4b, 0xfc, 0x84, 0x77, - 0xb3, 0x18, 0xa1, 0xbc, 0xba, 0xb0, 0x62, 0x12, 0xd5, 0x42, 0x39, 0x03, 0xc0, 0x59, 0xf6, 0xe8, - 0x33, 0x16, 0x0c, 0x3b, 0xb7, 0x63, 0x5d, 0xd8, 0x56, 0x04, 0x1d, 0x1e, 0x51, 0x49, 0xa5, 0x6a, - 0xe5, 0x72, 0x97, 0x6f, 0xaa, 0x09, 0xa7, 0x99, 0xa2, 0x37, 0x2d, 0x40, 0x64, 0x9b, 0xd4, 0x65, - 0x58, 0xa4, 0xe8, 0x4b, 0x7f, 0x11, 0x3b, 0xcd, 0x8b, 0x1d, 0x74, 0xb9, 0x54, 0xef, 0x6c, 0xc7, - 0x39, 0x7d, 0x40, 0x57, 0x00, 0x35, 0xdc, 0xd8, 0x59, 0xf3, 0xc8, 0x4c, 0xd0, 0x92, 0x09, 0x84, - 0xe2, 0x3c, 0xf2, 0x9c, 0x18, 0x67, 0x34, 0xdb, 0x81, 0x81, 0x73, 0x9e, 0x62, 0xb3, 0x2c, 0x0a, - 0xb6, 0x77, 0xae, 0x47, 0x1e, 0xd3, 0x12, 0xe6, 0x2c, 0x13, 0xed, 0x58, 0x61, 0xd8, 0xdf, 0x2a, - 0xab, 0xa5, 0xac, 0x63, 0x80, 0x1d, 0x23, 0x16, 0xd1, 0x3a, 0x7c, 0x2c, 0xa2, 0x8e, 0xa5, 0xe8, - 0x4c, 0x8b, 0x4d, 0x65, 0xd1, 0x95, 0xee, 0x53, 0x16, 0xdd, 0xcf, 0x58, 0xa9, 0x92, 0x54, 0x83, - 0x17, 0x5e, 0x2a, 0x36, 0xfe, 0x78, 0x82, 0xc7, 0x79, 0x64, 0xf4, 0x4a, 0x3a, 0xbc, 0x87, 0xca, - 0x71, 0x03, 0xed, 0x40, 0x72, 0xf8, 0xdf, 0x95, 0x61, 0xd0, 0xd0, 0xe1, 0xb9, 0x06, 0x99, 0xf5, - 0x80, 0x19, 0x64, 0xa5, 0x03, 0x18, 0x64, 0x3f, 0x0d, 0xb5, 0xba, 0xd4, 0x2f, 0xc5, 0x14, 0x65, - 0xce, 0x6a, 0x2d, 0xad, 0x62, 0x54, 0x13, 0xd6, 0x3c, 0xd1, 0x5c, 0x2a, 0xf7, 0x4a, 0xe8, 0xa6, - 0x3e, 0xa6, 0x9b, 0xf2, 0x92, 0xa3, 0x84, 0x8e, 0xea, 0x7c, 0x86, 0x55, 0x2e, 0x0b, 0x5d, 0xf1, - 0x5e, 0x32, 0x4b, 0x80, 0x57, 0x2e, 0x5b, 0x9e, 0x97, 0xcd, 0xd8, 0xc4, 0xb1, 0xbf, 0x63, 0xa9, - 0x8f, 0x7b, 0x0f, 0x8a, 0x6c, 0xdc, 0x4a, 0x17, 0xd9, 0xb8, 0x58, 0xc8, 0x30, 0x77, 0xa9, 0xae, - 0x71, 0x0d, 0x06, 0x66, 0x82, 0x56, 0xcb, 0xf1, 0x1b, 0xe8, 0x47, 0x60, 0xa0, 0xce, 0x7f, 0x0a, - 0x97, 0x12, 0x3b, 0x98, 0x14, 0x50, 0x2c, 0x61, 0xe8, 0x11, 0xe8, 0x73, 0xa2, 0xa6, 0x74, 0x23, - 0xb1, 0xb0, 0xa0, 0xa9, 0xa8, 0x19, 0x63, 0xd6, 0x6a, 0xff, 0xc3, 0x3e, 0x60, 0xa7, 0xe9, 0x4e, - 0x44, 0x1a, 0xab, 0x01, 0x2b, 0x0a, 0x79, 0xac, 0xc7, 0x79, 0x7a, 0x9b, 0xf6, 0x20, 0x1f, 0xe9, - 0x19, 0xc7, 0x3a, 0xe5, 0x7b, 0x7c, 0xac, 0xd3, 0xe5, 0xa4, 0xae, 0xef, 0x01, 0x3a, 0xa9, 0xb3, - 0xbf, 0x60, 0x01, 0x52, 0x21, 0x18, 0xfa, 0x28, 0x7d, 0x12, 0x6a, 0x2a, 0x18, 0x43, 0x98, 0x74, - 0x5a, 0x44, 0x48, 0x00, 0xd6, 0x38, 0x3d, 0xec, 0xcd, 0x1f, 0x97, 0xf2, 0xbb, 0x9c, 0x8e, 0x28, - 0x66, 0x52, 0x5f, 0x88, 0x73, 0xfb, 0xb7, 0x4a, 0xf0, 0x10, 0x37, 0x06, 0x16, 0x1d, 0xdf, 0x69, - 0x92, 0x16, 0xed, 0x55, 0xaf, 0xc1, 0x11, 0x75, 0xba, 0x29, 0x74, 0x65, 0x84, 0xf0, 0x51, 0xd7, - 0x2e, 0x5f, 0x73, 0x7c, 0x95, 0xcd, 0xfb, 0x6e, 0x82, 0x19, 0x71, 0x14, 0x43, 0x55, 0xde, 0x58, - 0x20, 0x64, 0x71, 0x41, 0x8c, 0x94, 0x58, 0x12, 0x7a, 0x93, 0x60, 0xc5, 0x88, 0x1a, 0x33, 0x5e, - 0x50, 0xdf, 0xc4, 0x24, 0x0c, 0x98, 0xdc, 0x35, 0x02, 0x34, 0x17, 0x44, 0x3b, 0x56, 0x18, 0xf6, - 0x6f, 0x59, 0x90, 0xd5, 0x48, 0x46, 0xf5, 0x3d, 0x6b, 0xcf, 0xea, 0x7b, 0x07, 0xa8, 0x5f, 0xf7, - 0x93, 0x30, 0xe8, 0x24, 0xd4, 0x88, 0xe0, 0x1b, 0xfe, 0xf2, 0xe1, 0x0e, 0x54, 0x16, 0x83, 0x86, - 0xbb, 0xee, 0xb2, 0x8d, 0xbe, 0x49, 0xce, 0xfe, 0xef, 0x7d, 0x70, 0xb2, 0x23, 0x9f, 0x06, 0x3d, - 0x0f, 0x43, 0x75, 0x31, 0x3d, 0x42, 0xe9, 0x4a, 0xab, 0x99, 0x01, 0x7d, 0x1a, 0x86, 0x53, 0x98, - 0x3d, 0x4c, 0xd0, 0x79, 0x38, 0x15, 0x91, 0x57, 0xdb, 0xa4, 0x4d, 0xa6, 0xd6, 0x13, 0x12, 0xad, - 0x90, 0x7a, 0xe0, 0x37, 0x78, 0x8d, 0xc8, 0xf2, 0xf4, 0xc3, 0x77, 0x76, 0xc7, 0x4f, 0xe1, 0x4e, - 0x30, 0xce, 0x7b, 0x06, 0x85, 0x30, 0xec, 0x99, 0x36, 0xa0, 0xd8, 0x7a, 0x1c, 0xca, 0x7c, 0x54, - 0x36, 0x42, 0xaa, 0x19, 0xa7, 0x19, 0xa4, 0x0d, 0xc9, 0xca, 0x7d, 0x32, 0x24, 0x3f, 0xad, 0x0d, - 0x49, 0x7e, 0xf2, 0xff, 0xe1, 0x82, 0xf3, 0xa9, 0x8e, 0xdb, 0x92, 0x7c, 0x11, 0xaa, 0x32, 0x2a, - 0xaa, 0xa7, 0x68, 0x22, 0x93, 0x4e, 0x17, 0x89, 0xf6, 0x04, 0xfc, 0xf0, 0xc5, 0x28, 0x32, 0x06, - 0xf3, 0x5a, 0x90, 0x4c, 0x79, 0x5e, 0x70, 0x9b, 0x2a, 0xe9, 0xeb, 0x31, 0x11, 0xbe, 0x1d, 0xfb, - 0x6e, 0x09, 0x72, 0xb6, 0x49, 0x74, 0x3d, 0x6a, 0xcb, 0x20, 0xb5, 0x1e, 0x0f, 0x66, 0x1d, 0xa0, - 0x6d, 0x1e, 0x39, 0xc6, 0x75, 0xe0, 0x87, 0x8a, 0xde, 0xe6, 0xe9, 0x60, 0x32, 0x95, 0x06, 0xa2, - 0x02, 0xca, 0x2e, 0x00, 0x68, 0x83, 0x4e, 0x04, 0xf9, 0xab, 0x83, 0x69, 0x6d, 0xf7, 0x61, 0x03, - 0x8b, 0xee, 0xfa, 0x5d, 0x3f, 0x4e, 0x1c, 0xcf, 0xbb, 0xec, 0xfa, 0x89, 0x70, 0x5f, 0x2a, 0x65, - 0x3f, 0xaf, 0x41, 0xd8, 0xc4, 0x3b, 0xf7, 0x1e, 0xe3, 0xfb, 0x1d, 0xe4, 0xbb, 0x6f, 0xc0, 0xd9, - 0x39, 0x37, 0x51, 0xa9, 0x29, 0x6a, 0xbe, 0x51, 0x7b, 0x4d, 0xa5, 0x5a, 0x59, 0x5d, 0x53, 0xad, - 0x8c, 0xd4, 0x90, 0x52, 0x3a, 0x93, 0x25, 0x9b, 0x1a, 0x62, 0x3f, 0x0f, 0xa7, 0xe7, 0xdc, 0xe4, - 0x92, 0xeb, 0x91, 0x03, 0x32, 0xb1, 0x7f, 0xb3, 0x1f, 0x86, 0xcc, 0x24, 0xcb, 0x83, 0x64, 0x8b, - 0x7d, 0x89, 0x9a, 0x64, 0xe2, 0xed, 0x5c, 0x75, 0xac, 0x77, 0xf3, 0xc8, 0x19, 0x9f, 0xf9, 0x23, - 0x66, 0x58, 0x65, 0x9a, 0x27, 0x36, 0x3b, 0x80, 0x6e, 0x43, 0x65, 0x9d, 0xa5, 0x2e, 0x94, 0x8b, - 0x88, 0x7d, 0xc8, 0x1b, 0x51, 0xbd, 0x1c, 0x79, 0xf2, 0x03, 0xe7, 0x47, 0x35, 0x69, 0x94, 0xce, - 0x87, 0x33, 0xc2, 0x65, 0x45, 0x26, 0x9c, 0xc2, 0xe8, 0xa6, 0x12, 0x2a, 0x87, 0x50, 0x09, 0x29, - 0x01, 0xdd, 0x7f, 0x9f, 0x04, 0x34, 0x4b, 0x43, 0x49, 0x36, 0x98, 0x9d, 0x27, 0xf2, 0x03, 0x06, - 0xd8, 0x20, 0x18, 0x69, 0x28, 0x29, 0x30, 0xce, 0xe2, 0xa3, 0x4f, 0x28, 0x11, 0x5f, 0x2d, 0xc2, - 0xf3, 0x6b, 0xce, 0xe8, 0xe3, 0x96, 0xee, 0x5f, 0x28, 0xc1, 0xc8, 0x9c, 0xdf, 0x5e, 0x9e, 0x5b, - 0x6e, 0xaf, 0x79, 0x6e, 0xfd, 0x2a, 0xd9, 0xa1, 0x22, 0x7c, 0x93, 0xec, 0xcc, 0xcf, 0x8a, 0x15, - 0xa4, 0xe6, 0xcc, 0x55, 0xda, 0x88, 0x39, 0x8c, 0x0a, 0xa3, 0x75, 0xd7, 0x6f, 0x92, 0x28, 0x8c, - 0x5c, 0xe1, 0x94, 0x35, 0x84, 0xd1, 0x25, 0x0d, 0xc2, 0x26, 0x1e, 0xa5, 0x1d, 0xdc, 0xf6, 0x49, - 0x94, 0x35, 0x78, 0x97, 0x68, 0x23, 0xe6, 0x30, 0x8a, 0x94, 0x44, 0xed, 0x38, 0x11, 0x93, 0x51, - 0x21, 0xad, 0xd2, 0x46, 0xcc, 0x61, 0x74, 0xa5, 0xc7, 0xed, 0x35, 0x16, 0x5a, 0x92, 0x49, 0x46, - 0x58, 0xe1, 0xcd, 0x58, 0xc2, 0x29, 0xea, 0x26, 0xd9, 0x99, 0xa5, 0xbb, 0xe3, 0x4c, 0x4e, 0xd2, - 0x55, 0xde, 0x8c, 0x25, 0x9c, 0x55, 0xb1, 0x4c, 0x0f, 0xc7, 0xf7, 0x5d, 0x15, 0xcb, 0x74, 0xf7, - 0xbb, 0xec, 0xb3, 0x7f, 0xd9, 0x82, 0x21, 0x33, 0x20, 0x0c, 0x35, 0x33, 0xb6, 0xf0, 0x52, 0x47, - 0x11, 0xe4, 0xf7, 0xe5, 0x5d, 0x40, 0xd7, 0x74, 0x93, 0x20, 0x8c, 0x9f, 0x26, 0x7e, 0xd3, 0xf5, - 0x09, 0x3b, 0xe7, 0xe7, 0x81, 0x64, 0xa9, 0x68, 0xb3, 0x99, 0xa0, 0x41, 0x0e, 0x61, 0x4c, 0xdb, - 0x37, 0xe1, 0x64, 0x47, 0x22, 0x5a, 0x0f, 0x26, 0xc8, 0xbe, 0x69, 0xc0, 0x36, 0x86, 0x41, 0x4a, - 0x58, 0x56, 0x52, 0x9a, 0x81, 0x93, 0x7c, 0x21, 0x51, 0x4e, 0x2b, 0xf5, 0x0d, 0xd2, 0x52, 0xc9, - 0x85, 0xec, 0x04, 0xe0, 0x46, 0x16, 0x88, 0x3b, 0xf1, 0xed, 0x2f, 0x5a, 0x30, 0x9c, 0xca, 0x0d, - 0x2c, 0xc8, 0x58, 0x62, 0x2b, 0x2d, 0x60, 0xf1, 0x89, 0x2c, 0x48, 0xbb, 0xcc, 0x94, 0xa9, 0x5e, - 0x69, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x8d, 0x12, 0x54, 0x65, 0x8c, 0x47, 0x0f, 0x5d, 0xf9, 0xbc, - 0x05, 0xc3, 0xea, 0xd4, 0x85, 0x39, 0xd5, 0x4a, 0x45, 0x24, 0x62, 0xd0, 0x1e, 0xa8, 0x6d, 0xb9, - 0xbf, 0x1e, 0x68, 0xcb, 0x1d, 0x9b, 0xcc, 0x70, 0x9a, 0x37, 0xba, 0x01, 0x10, 0xef, 0xc4, 0x09, - 0x69, 0x19, 0xee, 0x3d, 0xdb, 0x58, 0x71, 0x13, 0xf5, 0x20, 0x22, 0x74, 0x7d, 0x5d, 0x0b, 0x1a, - 0x64, 0x45, 0x61, 0x6a, 0x13, 0x4a, 0xb7, 0x61, 0x83, 0x92, 0xfd, 0xf7, 0x4b, 0x70, 0x22, 0xdb, - 0x25, 0xf4, 0x61, 0x18, 0x92, 0xdc, 0x8d, 0xbb, 0xf4, 0x64, 0x60, 0xcb, 0x10, 0x36, 0x60, 0x77, - 0x77, 0xc7, 0xc7, 0x3b, 0x2f, 0x33, 0x9c, 0x30, 0x51, 0x70, 0x8a, 0x18, 0x3f, 0xfa, 0x12, 0x67, - 0xb4, 0xd3, 0x3b, 0x53, 0x61, 0x28, 0xce, 0xaf, 0x8c, 0xa3, 0x2f, 0x13, 0x8a, 0x33, 0xd8, 0x68, - 0x19, 0x4e, 0x1b, 0x2d, 0xd7, 0x88, 0xdb, 0xdc, 0x58, 0x0b, 0x22, 0xb9, 0x03, 0x7b, 0x44, 0x87, - 0x9e, 0x75, 0xe2, 0xe0, 0xdc, 0x27, 0xa9, 0xb6, 0xaf, 0x3b, 0xa1, 0x53, 0x77, 0x93, 0x1d, 0xe1, - 0xaf, 0x54, 0xb2, 0x69, 0x46, 0xb4, 0x63, 0x85, 0x61, 0x2f, 0x42, 0x5f, 0x8f, 0x33, 0xa8, 0x27, - 0xcb, 0xff, 0x45, 0xa8, 0x52, 0x72, 0xd2, 0xbc, 0x2b, 0x82, 0x64, 0x00, 0x55, 0x79, 0xc7, 0x0d, - 0xb2, 0xa1, 0xec, 0x3a, 0xf2, 0x74, 0x51, 0xbd, 0xd6, 0x7c, 0x1c, 0xb7, 0xd9, 0x66, 0x9a, 0x02, - 0xd1, 0xe3, 0x50, 0x26, 0xdb, 0x61, 0xf6, 0x18, 0xf1, 0xe2, 0x76, 0xe8, 0x46, 0x24, 0xa6, 0x48, - 0x64, 0x3b, 0x44, 0xe7, 0xa0, 0xe4, 0x36, 0x84, 0x92, 0x02, 0x81, 0x53, 0x9a, 0x9f, 0xc5, 0x25, - 0xb7, 0x61, 0x6f, 0x43, 0x4d, 0x5d, 0xaa, 0x83, 0x36, 0xa5, 0xec, 0xb6, 0x8a, 0x08, 0xca, 0x92, - 0x74, 0xbb, 0x48, 0xed, 0x36, 0x80, 0x4e, 0x92, 0x2c, 0x4a, 0xbe, 0x9c, 0x87, 0xbe, 0x7a, 0x20, - 0x12, 0xb8, 0xab, 0x9a, 0x0c, 0x13, 0xda, 0x0c, 0x62, 0xdf, 0x84, 0x91, 0xab, 0x7e, 0x70, 0x9b, - 0x95, 0xf4, 0x67, 0x15, 0xec, 0x28, 0xe1, 0x75, 0xfa, 0x23, 0x6b, 0x22, 0x30, 0x28, 0xe6, 0x30, - 0x55, 0x5b, 0xab, 0xd4, 0xad, 0xb6, 0x96, 0xfd, 0x49, 0x0b, 0x86, 0x54, 0xb6, 0xd4, 0xdc, 0xd6, - 0x26, 0xa5, 0xdb, 0x8c, 0x82, 0x76, 0x98, 0xa5, 0xcb, 0xae, 0xbd, 0xc2, 0x1c, 0x66, 0xa6, 0x21, - 0x96, 0xf6, 0x49, 0x43, 0x3c, 0x0f, 0x7d, 0x9b, 0xae, 0xdf, 0xc8, 0xde, 0xe3, 0x72, 0xd5, 0xf5, - 0x1b, 0x98, 0x41, 0xec, 0x6f, 0x59, 0x70, 0x42, 0x75, 0x41, 0x2a, 0x84, 0xe7, 0x61, 0x68, 0xad, - 0xed, 0x7a, 0x0d, 0x59, 0x9a, 0x2f, 0xe3, 0x51, 0x99, 0x36, 0x60, 0x38, 0x85, 0x49, 0xf7, 0x75, - 0x6b, 0xae, 0xef, 0x44, 0x3b, 0xcb, 0x5a, 0x03, 0x29, 0xa1, 0x34, 0xad, 0x20, 0xd8, 0xc0, 0xa2, - 0xdc, 0x62, 0x92, 0xe8, 0xf0, 0x4c, 0xfe, 0x21, 0x14, 0xb7, 0x15, 0x03, 0x86, 0x53, 0x98, 0xf6, - 0xeb, 0x65, 0x18, 0x49, 0x67, 0x9b, 0xf5, 0xb0, 0x31, 0x7b, 0x1c, 0x2a, 0x2c, 0x01, 0x2d, 0x3b, - 0x29, 0x78, 0x1d, 0x3c, 0x0e, 0x43, 0x31, 0xf4, 0xf3, 0xd2, 0x17, 0xc5, 0xdc, 0x9e, 0xa4, 0x3a, - 0xa9, 0x3c, 0x38, 0x2c, 0x56, 0x4e, 0x54, 0xdb, 0x10, 0xac, 0xd0, 0x67, 0x2c, 0x18, 0x08, 0x42, - 0xb3, 0x9a, 0xd3, 0x87, 0x8a, 0xcc, 0xc4, 0x13, 0x89, 0x40, 0xc2, 0x96, 0x56, 0x93, 0x46, 0x7e, - 0x48, 0xc9, 0xfa, 0xdc, 0x7b, 0x61, 0xc8, 0xc4, 0xdc, 0xcf, 0x9c, 0xae, 0x9a, 0xe6, 0xf4, 0xe7, - 0xcd, 0xe9, 0x24, 0x72, 0x0d, 0x7b, 0x58, 0xa8, 0xd7, 0xa1, 0x52, 0x57, 0xc1, 0x0d, 0x87, 0x2a, - 0x05, 0xab, 0x6a, 0x51, 0xb0, 0x63, 0x26, 0x4e, 0xcd, 0xfe, 0x8e, 0x65, 0xcc, 0x0f, 0x4c, 0xe2, - 0xf9, 0x06, 0x8a, 0xa0, 0xdc, 0xdc, 0xda, 0x14, 0x46, 0xec, 0x95, 0x82, 0x86, 0x77, 0x6e, 0x6b, - 0x53, 0xcf, 0x57, 0xb3, 0x15, 0x53, 0x66, 0x3d, 0xb8, 0x19, 0x53, 0x29, 0xa9, 0xe5, 0xfd, 0x53, - 0x52, 0xed, 0x37, 0x4b, 0x70, 0xb2, 0x63, 0x52, 0xa1, 0xd7, 0xa0, 0x12, 0xd1, 0xb7, 0x14, 0xaf, - 0xb7, 0x50, 0x58, 0x12, 0x69, 0x3c, 0xdf, 0xd0, 0x1a, 0x3b, 0xdd, 0x8e, 0x39, 0x4b, 0x74, 0x05, - 0x90, 0x0e, 0xc1, 0x51, 0x3e, 0x4e, 0xfe, 0xca, 0xea, 0x9c, 0x7e, 0xaa, 0x03, 0x03, 0xe7, 0x3c, - 0x85, 0x5e, 0xc8, 0xba, 0x4a, 0xcb, 0xe9, 0x93, 0xd1, 0xbd, 0xbc, 0x9e, 0xf6, 0x3f, 0x2d, 0xc1, - 0x70, 0xaa, 0xb8, 0x16, 0xf2, 0xa0, 0x4a, 0x3c, 0x76, 0x6c, 0x20, 0xd5, 0xd4, 0x51, 0x4b, 0x65, - 0x2b, 0xd5, 0x7a, 0x51, 0xd0, 0xc5, 0x8a, 0xc3, 0x83, 0x71, 0x7c, 0xff, 0x3c, 0x0c, 0xc9, 0x0e, - 0x7d, 0xc8, 0x69, 0x79, 0x62, 0x00, 0xd5, 0x1c, 0xbd, 0x68, 0xc0, 0x70, 0x0a, 0xd3, 0xfe, 0xed, - 0x32, 0x8c, 0xf1, 0x73, 0x96, 0x86, 0x9a, 0x79, 0x8b, 0x72, 0xa7, 0xf6, 0x97, 0x75, 0x09, 0x3c, - 0x3e, 0x90, 0x6b, 0x47, 0xbd, 0x99, 0x22, 0x9f, 0x51, 0x4f, 0x51, 0x67, 0x5f, 0xcb, 0x44, 0x9d, - 0x71, 0x83, 0xbd, 0x79, 0x4c, 0x3d, 0xfa, 0xfe, 0x0a, 0x43, 0xfb, 0x3b, 0x25, 0x18, 0xcd, 0x5c, - 0xfb, 0x81, 0x5e, 0x4f, 0x57, 0x8a, 0xb6, 0x8a, 0xf0, 0xc6, 0xef, 0x79, 0x13, 0xc4, 0xc1, 0xea, - 0x45, 0xdf, 0xa7, 0xa5, 0x62, 0xff, 0x61, 0x09, 0x46, 0xd2, 0xf7, 0x95, 0x3c, 0x80, 0x23, 0xf5, - 0x2e, 0xa8, 0xb1, 0x92, 0xfc, 0xec, 0x1a, 0x57, 0xee, 0xcc, 0xe7, 0xd5, 0xcf, 0x65, 0x23, 0xd6, - 0xf0, 0x07, 0xa2, 0x0c, 0xb7, 0xfd, 0x77, 0x2d, 0x38, 0xc3, 0xdf, 0x32, 0x3b, 0x0f, 0xff, 0x4a, - 0xde, 0xe8, 0xbe, 0x5c, 0x6c, 0x07, 0x33, 0xa5, 0x1b, 0xf7, 0x1b, 0x5f, 0x76, 0x7d, 0xa4, 0xe8, - 0x6d, 0x7a, 0x2a, 0x3c, 0x80, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0xb0, 0x0c, 0xfa, 0xc6, 0x4c, - 0xe4, 0x8a, 0xfc, 0xcd, 0x42, 0x4a, 0x58, 0xae, 0xec, 0xf8, 0x75, 0x7d, 0x37, 0x67, 0x35, 0x93, - 0xbe, 0xf9, 0x73, 0x16, 0x0c, 0xba, 0xbe, 0x9b, 0xb8, 0x0e, 0xdb, 0x80, 0x17, 0x73, 0x9b, 0x9f, - 0x62, 0x37, 0xcf, 0x29, 0x07, 0x91, 0x79, 0x02, 0xa4, 0x98, 0x61, 0x93, 0x33, 0xfa, 0xa8, 0x08, - 0x0c, 0x2f, 0x17, 0x96, 0x79, 0x5c, 0xcd, 0x44, 0x83, 0x87, 0xd4, 0xf0, 0x4a, 0xa2, 0x82, 0x12, - 0xf6, 0x31, 0x25, 0xa5, 0xaa, 0x21, 0xeb, 0xbb, 0xcb, 0x69, 0x33, 0xe6, 0x8c, 0xec, 0x18, 0x50, - 0xe7, 0x58, 0x1c, 0x30, 0xe8, 0x76, 0x12, 0x6a, 0x4e, 0x3b, 0x09, 0x5a, 0x74, 0x98, 0xc4, 0x21, - 0x95, 0x0e, 0x2b, 0x96, 0x00, 0xac, 0x71, 0xec, 0xd7, 0x2b, 0x90, 0x49, 0xa8, 0x44, 0xdb, 0xe6, - 0x6d, 0xaf, 0x56, 0xb1, 0xb7, 0xbd, 0xaa, 0xce, 0xe4, 0xdd, 0xf8, 0x8a, 0x9a, 0x50, 0x09, 0x37, - 0x9c, 0x58, 0x9a, 0xd5, 0x2f, 0xaa, 0x7d, 0x1c, 0x6d, 0xbc, 0xbb, 0x3b, 0xfe, 0x13, 0xbd, 0xf9, - 0x6b, 0xe9, 0x5c, 0x9d, 0xe4, 0xa5, 0x59, 0x34, 0x6b, 0x46, 0x03, 0x73, 0xfa, 0x07, 0xb9, 0xcf, - 0xf0, 0x53, 0xe2, 0xee, 0x01, 0x4c, 0xe2, 0xb6, 0x97, 0x88, 0xd9, 0xf0, 0x62, 0x81, 0xab, 0x8c, - 0x13, 0xd6, 0xa5, 0x00, 0xf8, 0x7f, 0x6c, 0x30, 0x45, 0x1f, 0x86, 0x5a, 0x9c, 0x38, 0x51, 0x72, - 0xc8, 0xe4, 0x5d, 0x35, 0xe8, 0x2b, 0x92, 0x08, 0xd6, 0xf4, 0xd0, 0x4b, 0xac, 0xa2, 0xaf, 0x1b, - 0x6f, 0x1c, 0x32, 0x9f, 0x43, 0x56, 0xff, 0x15, 0x14, 0xb0, 0x41, 0x0d, 0x5d, 0x00, 0x60, 0x73, - 0x9b, 0x87, 0x12, 0x56, 0x99, 0x7f, 0x4a, 0x89, 0x42, 0xac, 0x20, 0xd8, 0xc0, 0xb2, 0x7f, 0x14, - 0xd2, 0xb5, 0x2c, 0xd0, 0xb8, 0x2c, 0x9d, 0xc1, 0xfd, 0xd7, 0x2c, 0x2f, 0x23, 0x55, 0xe5, 0xe2, - 0xd7, 0x2d, 0x30, 0x0b, 0x6e, 0xa0, 0x57, 0x79, 0x65, 0x0f, 0xab, 0x88, 0x33, 0x47, 0x83, 0xee, - 0xc4, 0xa2, 0x13, 0x66, 0x0e, 0xbf, 0x65, 0x79, 0x8f, 0x73, 0xef, 0x81, 0xaa, 0x84, 0x1e, 0xc8, - 0xa8, 0xfb, 0x04, 0x9c, 0xca, 0xde, 0x85, 0x2f, 0xce, 0xab, 0xf6, 0x77, 0x1a, 0x49, 0x4f, 0x50, - 0xa9, 0x9b, 0x27, 0xa8, 0x87, 0x3b, 0x7f, 0x7f, 0xc3, 0x82, 0xf3, 0xfb, 0x5d, 0xd9, 0x8f, 0x1e, - 0x81, 0xbe, 0xdb, 0x4e, 0x24, 0x4b, 0xad, 0x33, 0x41, 0x79, 0xd3, 0x89, 0x7c, 0xcc, 0x5a, 0xd1, - 0x0e, 0xf4, 0xf3, 0x78, 0x33, 0x61, 0xad, 0x1f, 0x71, 0x6d, 0xe4, 0x0c, 0x87, 0xde, 0x2e, 0xf0, - 0x58, 0x37, 0x2c, 0x18, 0xda, 0xdf, 0xb5, 0x00, 0x2d, 0x6d, 0x91, 0x28, 0x72, 0x1b, 0x46, 0x84, - 0x1c, 0xbb, 0xc3, 0xc7, 0xb8, 0xab, 0xc7, 0x4c, 0xdf, 0xcd, 0xdc, 0xe1, 0x63, 0xfc, 0xcb, 0xbf, - 0xc3, 0xa7, 0x74, 0xb0, 0x3b, 0x7c, 0xd0, 0x12, 0x9c, 0x69, 0xf1, 0xed, 0x06, 0xbf, 0x17, 0x83, - 0xef, 0x3d, 0x54, 0xb2, 0xdc, 0xd9, 0x3b, 0xbb, 0xe3, 0x67, 0x16, 0xf3, 0x10, 0x70, 0xfe, 0x73, - 0xf6, 0x7b, 0x00, 0xf1, 0xc0, 0xb8, 0x99, 0xbc, 0x28, 0xa7, 0xae, 0xee, 0x17, 0xfb, 0xab, 0x15, - 0x18, 0xcd, 0x14, 0xe2, 0xa5, 0x5b, 0xbd, 0xce, 0xb0, 0xaa, 0x23, 0xeb, 0xef, 0xce, 0xee, 0xf5, - 0x14, 0xa8, 0xe5, 0x43, 0xc5, 0xf5, 0xc3, 0x76, 0x52, 0x4c, 0x7e, 0x2c, 0xef, 0xc4, 0x3c, 0x25, - 0x68, 0x38, 0x9a, 0xe9, 0x5f, 0xcc, 0xd9, 0x14, 0x19, 0xf6, 0x95, 0x32, 0xc6, 0xfb, 0xee, 0x93, - 0x3b, 0xe0, 0x53, 0x3a, 0x08, 0xab, 0x52, 0x84, 0x63, 0x31, 0x33, 0x59, 0x8e, 0xfb, 0x90, 0xfe, - 0xd7, 0x4a, 0x30, 0x68, 0x7c, 0x34, 0xf4, 0x4b, 0xe9, 0x72, 0x54, 0x56, 0x71, 0xaf, 0xc4, 0xe8, - 0x4f, 0xe8, 0x82, 0x53, 0xfc, 0x95, 0x9e, 0xe8, 0xac, 0x44, 0x75, 0x77, 0x77, 0xfc, 0x44, 0xa6, - 0xd6, 0x54, 0xaa, 0x3a, 0xd5, 0xb9, 0x8f, 0xc3, 0x68, 0x86, 0x4c, 0xce, 0x2b, 0xaf, 0x9a, 0xaf, - 0x7c, 0x64, 0xb7, 0x94, 0x39, 0x64, 0xdf, 0xa4, 0x43, 0x26, 0x52, 0x04, 0x03, 0x8f, 0xf4, 0xe0, - 0x83, 0xcd, 0x64, 0x02, 0x97, 0x7a, 0xcc, 0x04, 0x7e, 0x12, 0xaa, 0x61, 0xe0, 0xb9, 0x75, 0x57, - 0xd5, 0x7c, 0x64, 0xb9, 0xc7, 0xcb, 0xa2, 0x0d, 0x2b, 0x28, 0xba, 0x0d, 0xb5, 0x5b, 0xb7, 0x13, - 0x7e, 0x6e, 0x24, 0xfc, 0xdb, 0x45, 0x1d, 0x17, 0x29, 0xa3, 0x45, 0x1d, 0x4c, 0x61, 0xcd, 0x0b, - 0xd9, 0xd0, 0xcf, 0x94, 0xa0, 0x4c, 0x2e, 0x60, 0xbe, 0x77, 0xa6, 0x1d, 0x63, 0x2c, 0x20, 0xf6, - 0x37, 0x6a, 0x70, 0x3a, 0xaf, 0x1a, 0x3a, 0xfa, 0x18, 0xf4, 0xf3, 0x3e, 0x16, 0x73, 0xe1, 0x46, - 0x1e, 0x8f, 0x39, 0x46, 0x50, 0x74, 0x8b, 0xfd, 0xc6, 0x82, 0xa7, 0xe0, 0xee, 0x39, 0x6b, 0x62, - 0x86, 0x1c, 0x0f, 0xf7, 0x05, 0x47, 0x73, 0x5f, 0x70, 0x38, 0x77, 0xcf, 0x59, 0x43, 0xdb, 0x50, - 0x69, 0xba, 0x09, 0x71, 0x84, 0x13, 0xe1, 0xe6, 0xb1, 0x30, 0x27, 0x0e, 0xb7, 0xd2, 0xd8, 0x4f, - 0xcc, 0x19, 0xa2, 0xaf, 0x5b, 0x30, 0xba, 0x96, 0x4e, 0xfb, 0x17, 0xc2, 0xd3, 0x39, 0x86, 0x8a, - 0xf7, 0x69, 0x46, 0xfc, 0x12, 0xab, 0x4c, 0x23, 0xce, 0x76, 0x07, 0x7d, 0xda, 0x82, 0x81, 0x75, - 0xd7, 0x33, 0x8a, 0x0e, 0x1f, 0xc3, 0xc7, 0xb9, 0xc4, 0x18, 0xe8, 0x1d, 0x07, 0xff, 0x1f, 0x63, - 0xc9, 0xb9, 0x9b, 0xa6, 0xea, 0x3f, 0xaa, 0xa6, 0x1a, 0xb8, 0x4f, 0x9a, 0xea, 0x73, 0x16, 0xd4, - 0xd4, 0x48, 0x8b, 0x54, 0xee, 0x0f, 0x1f, 0xe3, 0x27, 0xe7, 0x9e, 0x13, 0xf5, 0x17, 0x6b, 0xe6, - 0xe8, 0xcb, 0x16, 0x0c, 0x3a, 0xaf, 0xb5, 0x23, 0xd2, 0x20, 0x5b, 0x41, 0x18, 0x8b, 0x1b, 0x30, - 0x5f, 0x2e, 0xbe, 0x33, 0x53, 0x94, 0xc9, 0x2c, 0xd9, 0x5a, 0x0a, 0x63, 0x91, 0xf8, 0xa4, 0x1b, - 0xb0, 0xd9, 0x05, 0x7b, 0xb7, 0x04, 0xe3, 0xfb, 0x50, 0x40, 0xcf, 0xc3, 0x50, 0x10, 0x35, 0x1d, - 0xdf, 0x7d, 0xcd, 0xac, 0xe3, 0xa1, 0xac, 0xac, 0x25, 0x03, 0x86, 0x53, 0x98, 0x66, 0xb2, 0x79, - 0x69, 0x9f, 0x64, 0xf3, 0xf3, 0xd0, 0x17, 0x91, 0x30, 0xc8, 0x6e, 0x16, 0x58, 0xd2, 0x01, 0x83, - 0xa0, 0x47, 0xa1, 0xec, 0x84, 0xae, 0x08, 0x61, 0x53, 0x7b, 0xa0, 0xa9, 0xe5, 0x79, 0x4c, 0xdb, - 0x53, 0xb5, 0x2f, 0x2a, 0xf7, 0xa4, 0xf6, 0x05, 0x55, 0x03, 0xe2, 0xec, 0xa2, 0x5f, 0xab, 0x81, - 0xf4, 0x99, 0x82, 0xfd, 0x66, 0x19, 0x1e, 0xdd, 0x73, 0xbe, 0xe8, 0x08, 0x3e, 0x6b, 0x8f, 0x08, - 0x3e, 0x39, 0x3c, 0xa5, 0xfd, 0x86, 0xa7, 0xdc, 0x65, 0x78, 0x3e, 0x4d, 0x97, 0x81, 0xac, 0x7f, - 0x52, 0xcc, 0x1d, 0x86, 0xdd, 0xca, 0xa9, 0x88, 0x15, 0x20, 0xa1, 0x58, 0xf3, 0xa5, 0x7b, 0x80, - 0x54, 0xa2, 0x75, 0xa5, 0x08, 0x35, 0xd0, 0xb5, 0x1e, 0x0a, 0x9f, 0xfb, 0xdd, 0xb2, 0xb7, 0xed, - 0x9f, 0x2f, 0xc1, 0xe3, 0x3d, 0x48, 0x6f, 0x73, 0x16, 0x5b, 0x3d, 0xce, 0xe2, 0xef, 0xef, 0xcf, - 0x64, 0xff, 0x55, 0x0b, 0xce, 0x75, 0x57, 0x1e, 0xe8, 0x19, 0x18, 0x5c, 0x8b, 0x1c, 0xbf, 0xbe, - 0xc1, 0xee, 0x65, 0x95, 0x83, 0xc2, 0xc6, 0x5a, 0x37, 0x63, 0x13, 0x87, 0x6e, 0x6f, 0x79, 0x4c, - 0x82, 0x81, 0x21, 0xd3, 0x53, 0xe9, 0xf6, 0x76, 0x35, 0x0b, 0xc4, 0x9d, 0xf8, 0xf6, 0x9f, 0x97, - 0xf2, 0xbb, 0xc5, 0x8d, 0x8c, 0x83, 0x7c, 0x27, 0xf1, 0x15, 0x4a, 0x3d, 0xc8, 0x92, 0xf2, 0xbd, - 0x96, 0x25, 0x7d, 0xdd, 0x64, 0x09, 0x9a, 0x85, 0x13, 0xc6, 0xc5, 0x39, 0x3c, 0xe5, 0x98, 0x87, - 0xea, 0xaa, 0x0a, 0x20, 0xcb, 0x19, 0x38, 0xee, 0x78, 0x02, 0x3d, 0x05, 0x55, 0xd7, 0x8f, 0x49, - 0xbd, 0x1d, 0xf1, 0x10, 0x71, 0x23, 0xcd, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x61, 0xff, 0x72, 0x09, - 0xce, 0x76, 0xb5, 0xb3, 0xee, 0x91, 0xec, 0x32, 0x3f, 0x47, 0xdf, 0xbd, 0xf9, 0x1c, 0xe6, 0x20, - 0x55, 0xf6, 0x1d, 0xa4, 0x3f, 0xea, 0x3e, 0x31, 0xa9, 0xcd, 0xfd, 0x03, 0x3b, 0x4a, 0x2f, 0xc0, - 0xb0, 0x13, 0x86, 0x1c, 0x8f, 0x45, 0x7a, 0x66, 0x2a, 0x00, 0x4d, 0x99, 0x40, 0x9c, 0xc6, 0xed, - 0x49, 0x7b, 0xfe, 0x89, 0x05, 0x35, 0x4c, 0xd6, 0xb9, 0x74, 0x40, 0xb7, 0xc4, 0x10, 0x59, 0x45, - 0xd4, 0x0a, 0xa5, 0x03, 0x1b, 0xbb, 0xac, 0x86, 0x66, 0xde, 0x60, 0x77, 0x5e, 0x6c, 0x54, 0x3a, - 0xd0, 0xc5, 0x46, 0xea, 0x6a, 0x9b, 0x72, 0xf7, 0xab, 0x6d, 0xec, 0x6f, 0x0e, 0xd0, 0xd7, 0x0b, - 0x83, 0x99, 0x88, 0x34, 0x62, 0xfa, 0x7d, 0xdb, 0x91, 0x27, 0x26, 0x89, 0xfa, 0xbe, 0xd7, 0xf1, - 0x02, 0xa6, 0xed, 0xa9, 0xa3, 0x98, 0xd2, 0x81, 0xea, 0x9f, 0x94, 0xf7, 0xad, 0x7f, 0xf2, 0x02, - 0x0c, 0xc7, 0xf1, 0xc6, 0x72, 0xe4, 0x6e, 0x39, 0x09, 0xb9, 0x4a, 0x76, 0x84, 0x95, 0xa5, 0x2b, - 0x07, 0xac, 0x5c, 0xd6, 0x40, 0x9c, 0xc6, 0x45, 0x73, 0x70, 0x52, 0x57, 0x21, 0x21, 0x51, 0xc2, - 0xf2, 0x02, 0xf8, 0x4c, 0x50, 0x69, 0xc2, 0xba, 0x6e, 0x89, 0x40, 0xc0, 0x9d, 0xcf, 0x50, 0xf9, - 0x96, 0x6a, 0xa4, 0x1d, 0xe9, 0x4f, 0xcb, 0xb7, 0x14, 0x1d, 0xda, 0x97, 0x8e, 0x27, 0xd0, 0x22, - 0x9c, 0xe2, 0x13, 0x63, 0x2a, 0x0c, 0x8d, 0x37, 0x1a, 0x48, 0xd7, 0x68, 0x9c, 0xeb, 0x44, 0xc1, - 0x79, 0xcf, 0xa1, 0xe7, 0x60, 0x50, 0x35, 0xcf, 0xcf, 0x8a, 0x53, 0x04, 0xe5, 0xc5, 0x50, 0x64, - 0xe6, 0x1b, 0xd8, 0xc4, 0x43, 0x1f, 0x82, 0x87, 0xf5, 0x5f, 0x9e, 0x3c, 0xc6, 0x8f, 0xd6, 0x66, - 0x45, 0x81, 0x27, 0x75, 0x91, 0xca, 0x5c, 0x2e, 0x5a, 0x03, 0x77, 0x7b, 0x1e, 0xad, 0xc1, 0x39, - 0x05, 0xba, 0xe8, 0x27, 0x2c, 0x13, 0x24, 0x26, 0xd3, 0x4e, 0x4c, 0xae, 0x47, 0x9e, 0xb8, 0x7f, - 0x40, 0xdd, 0xb5, 0x39, 0xe7, 0x26, 0x97, 0xf3, 0x30, 0xf1, 0x02, 0xde, 0x83, 0x0a, 0x9a, 0x84, - 0x1a, 0xf1, 0x9d, 0x35, 0x8f, 0x2c, 0xcd, 0xcc, 0x8b, 0x1b, 0x09, 0x74, 0x64, 0xaf, 0x04, 0x60, - 0x8d, 0xa3, 0x62, 0x53, 0x87, 0xba, 0xde, 0xfb, 0xba, 0x0c, 0xa7, 0x9b, 0xf5, 0x90, 0xda, 0x1e, - 0x6e, 0x9d, 0x4c, 0xd5, 0x59, 0x40, 0x1d, 0xfd, 0x30, 0xbc, 0x78, 0xa6, 0x0a, 0xbc, 0x9e, 0x9b, - 0x59, 0xee, 0xc0, 0xc1, 0xb9, 0x4f, 0xb2, 0xc0, 0xcb, 0x28, 0xd8, 0xde, 0x19, 0x3b, 0x95, 0x09, - 0xbc, 0xa4, 0x8d, 0x98, 0xc3, 0xd0, 0x15, 0x40, 0x2c, 0x8a, 0xff, 0x72, 0x92, 0x84, 0xca, 0xd8, - 0x19, 0x3b, 0x9d, 0x2e, 0xf7, 0x72, 0xa9, 0x03, 0x03, 0xe7, 0x3c, 0x65, 0xff, 0x7b, 0x0b, 0x86, - 0xd5, 0x7a, 0xbd, 0x07, 0x79, 0x2c, 0x5e, 0x3a, 0x8f, 0x65, 0xee, 0xe8, 0x12, 0x8f, 0xf5, 0xbc, - 0x4b, 0x30, 0xf4, 0x67, 0x07, 0x01, 0xb4, 0x54, 0x54, 0x0a, 0xc9, 0xea, 0xaa, 0x90, 0x1e, 0x58, - 0x89, 0x94, 0x57, 0x9b, 0xa5, 0x72, 0x7f, 0x6b, 0xb3, 0xac, 0xc0, 0x19, 0x69, 0x2e, 0xf0, 0xb3, - 0xa2, 0xcb, 0x41, 0xac, 0x04, 0x5c, 0x75, 0xfa, 0x51, 0x41, 0xe8, 0xcc, 0x7c, 0x1e, 0x12, 0xce, - 0x7f, 0x36, 0x65, 0xa5, 0x0c, 0xec, 0x67, 0xa5, 0xe8, 0x35, 0xbd, 0xb0, 0x2e, 0x6f, 0x4c, 0xc9, - 0xac, 0xe9, 0x85, 0x4b, 0x2b, 0x58, 0xe3, 0xe4, 0x0b, 0xf6, 0x5a, 0x41, 0x82, 0x1d, 0x0e, 0x2c, - 0xd8, 0xa5, 0x88, 0x19, 0xec, 0x2a, 0x62, 0xa4, 0x4f, 0x7a, 0xa8, 0xab, 0x4f, 0xfa, 0xfd, 0x30, - 0xe2, 0xfa, 0x1b, 0x24, 0x72, 0x13, 0xd2, 0x60, 0x6b, 0x81, 0x89, 0x1f, 0xe3, 0xaa, 0x97, 0xf9, - 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x72, 0x71, 0xa4, 0x07, 0xb9, 0xd8, 0x45, 0x1b, 0x8d, 0x16, 0xa3, - 0x8d, 0x4e, 0x1c, 0x5d, 0x1b, 0x9d, 0x3c, 0x56, 0x6d, 0x84, 0x0a, 0xd1, 0x46, 0x3d, 0x09, 0x7a, - 0x63, 0xfb, 0x77, 0x7a, 0x9f, 0xed, 0x5f, 0x37, 0x55, 0x74, 0xe6, 0xd0, 0xaa, 0x28, 0x5f, 0xcb, - 0x3c, 0x74, 0x28, 0x2d, 0xf3, 0xb9, 0x12, 0x9c, 0xd1, 0x72, 0x98, 0xce, 0x7e, 0x77, 0x9d, 0x4a, - 0x22, 0x76, 0xe9, 0x16, 0x3f, 0xb7, 0x31, 0xd2, 0xaa, 0x74, 0x86, 0x96, 0x82, 0x60, 0x03, 0x8b, - 0x65, 0x27, 0x91, 0x88, 0x95, 0x08, 0xce, 0x0a, 0xe9, 0x19, 0xd1, 0x8e, 0x15, 0x06, 0x9d, 0x5f, - 0xf4, 0xb7, 0xc8, 0xf8, 0xcc, 0x16, 0xc2, 0x9b, 0xd1, 0x20, 0x6c, 0xe2, 0xa1, 0x27, 0x39, 0x13, - 0x26, 0x20, 0xa8, 0xa0, 0x1e, 0x12, 0xb7, 0x01, 0x4b, 0x99, 0xa0, 0xa0, 0xb2, 0x3b, 0x2c, 0x0d, - 0xad, 0xd2, 0xd9, 0x1d, 0x16, 0x02, 0xa5, 0x30, 0xec, 0xff, 0x61, 0xc1, 0xd9, 0xdc, 0xa1, 0xb8, - 0x07, 0xca, 0x77, 0x3b, 0xad, 0x7c, 0x57, 0x8a, 0xda, 0x6e, 0x18, 0x6f, 0xd1, 0x45, 0x11, 0xff, - 0x5b, 0x0b, 0x46, 0x34, 0xfe, 0x3d, 0x78, 0x55, 0x37, 0xfd, 0xaa, 0xc5, 0xed, 0xac, 0x6a, 0x1d, - 0xef, 0xf6, 0xdb, 0x25, 0x50, 0xc5, 0x29, 0xa7, 0xea, 0xb2, 0xf4, 0xef, 0x3e, 0x27, 0x89, 0x3b, - 0xd0, 0xcf, 0x0e, 0x42, 0xe3, 0x62, 0x82, 0x3c, 0xd2, 0xfc, 0xd9, 0xa1, 0xaa, 0x3e, 0x64, 0x66, - 0x7f, 0x63, 0x2c, 0x18, 0xb2, 0x02, 0xd6, 0xbc, 0xee, 0x5f, 0x43, 0xe4, 0x11, 0xe9, 0x02, 0xd6, - 0xa2, 0x1d, 0x2b, 0x0c, 0xaa, 0x1e, 0xdc, 0x7a, 0xe0, 0xcf, 0x78, 0x4e, 0x2c, 0x6f, 0x9a, 0x54, - 0xea, 0x61, 0x5e, 0x02, 0xb0, 0xc6, 0x61, 0x67, 0xa4, 0x6e, 0x1c, 0x7a, 0xce, 0x8e, 0xb1, 0x7f, - 0x36, 0x2a, 0x1b, 0x28, 0x10, 0x36, 0xf1, 0xec, 0x16, 0x8c, 0xa5, 0x5f, 0x62, 0x96, 0xac, 0xb3, - 0x00, 0xc5, 0x9e, 0x86, 0x73, 0x12, 0x6a, 0x0e, 0x7b, 0x6a, 0xa1, 0xed, 0x64, 0x2f, 0xaa, 0x9f, - 0x92, 0x00, 0xac, 0x71, 0xec, 0x5f, 0xb5, 0xe0, 0x54, 0xce, 0xa0, 0x15, 0x98, 0x30, 0x97, 0x68, - 0x69, 0x93, 0xa7, 0xd8, 0xdf, 0x09, 0x03, 0x0d, 0xb2, 0xee, 0xc8, 0x10, 0x38, 0x43, 0xb6, 0xcf, - 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb3, 0x60, 0x34, 0xdd, 0xd7, 0x98, 0xa5, 0x92, 0xf0, 0x61, - 0x72, 0xe3, 0x7a, 0xb0, 0x45, 0xa2, 0x1d, 0xfa, 0xe6, 0x56, 0x26, 0x95, 0xa4, 0x03, 0x03, 0xe7, - 0x3c, 0xc5, 0x4a, 0xd3, 0x36, 0xd4, 0x68, 0xcb, 0x19, 0x79, 0xa3, 0xc8, 0x19, 0xa9, 0x3f, 0xa6, - 0x79, 0x5c, 0xae, 0x58, 0x62, 0x93, 0xbf, 0xfd, 0xdd, 0x3e, 0x50, 0x19, 0xb5, 0x2c, 0xfe, 0xa8, - 0xa0, 0xe8, 0xad, 0x83, 0x66, 0x10, 0xa9, 0xc9, 0xd0, 0xb7, 0x57, 0x40, 0x00, 0xf7, 0x92, 0x98, - 0xae, 0x4b, 0xf5, 0x86, 0xab, 0x1a, 0x84, 0x4d, 0x3c, 0xda, 0x13, 0xcf, 0xdd, 0x22, 0xfc, 0xa1, - 0xfe, 0x74, 0x4f, 0x16, 0x24, 0x00, 0x6b, 0x1c, 0xda, 0x93, 0x86, 0xbb, 0xbe, 0x2e, 0xb6, 0xfc, - 0xaa, 0x27, 0x74, 0x74, 0x30, 0x83, 0xf0, 0x6a, 0xe3, 0xc1, 0xa6, 0xb0, 0x82, 0x8d, 0x6a, 0xe3, - 0xc1, 0x26, 0x66, 0x10, 0x6a, 0xb7, 0xf9, 0x41, 0xd4, 0x72, 0x3c, 0xf7, 0x35, 0xd2, 0x50, 0x5c, - 0x84, 0xf5, 0xab, 0xec, 0xb6, 0x6b, 0x9d, 0x28, 0x38, 0xef, 0x39, 0x3a, 0x03, 0xc3, 0x88, 0x34, - 0xdc, 0x7a, 0x62, 0x52, 0x83, 0xf4, 0x0c, 0x5c, 0xee, 0xc0, 0xc0, 0x39, 0x4f, 0xa1, 0x29, 0x18, - 0x95, 0x19, 0xd1, 0xb2, 0xde, 0xcd, 0x60, 0xba, 0xbe, 0x06, 0x4e, 0x83, 0x71, 0x16, 0x9f, 0x4a, - 0xb5, 0x96, 0x28, 0x89, 0xc5, 0x8c, 0x65, 0x43, 0xaa, 0xc9, 0x52, 0x59, 0x58, 0x61, 0xd8, 0x9f, - 0x2a, 0x53, 0x2d, 0xdc, 0xa5, 0x14, 0xdc, 0x3d, 0x8b, 0x16, 0x4c, 0xcf, 0xc8, 0xbe, 0x1e, 0x66, - 0xe4, 0xb3, 0x30, 0x74, 0x2b, 0x0e, 0x7c, 0x15, 0x89, 0x57, 0xe9, 0x1a, 0x89, 0x67, 0x60, 0xe5, - 0x47, 0xe2, 0xf5, 0x17, 0x15, 0x89, 0x37, 0x70, 0xc8, 0x48, 0xbc, 0xdf, 0xa9, 0x80, 0xba, 0xf6, - 0xe4, 0x1a, 0x49, 0x6e, 0x07, 0xd1, 0xa6, 0xeb, 0x37, 0x59, 0x26, 0xf9, 0xd7, 0x2d, 0x18, 0xe2, - 0xeb, 0x65, 0xc1, 0xcc, 0xa4, 0x5a, 0x2f, 0xe8, 0x3e, 0x8d, 0x14, 0xb3, 0x89, 0x55, 0x83, 0x51, - 0xe6, 0xa2, 0x53, 0x13, 0x84, 0x53, 0x3d, 0x42, 0x1f, 0x07, 0x90, 0xfe, 0xd1, 0x75, 0x29, 0x32, - 0xe7, 0x8b, 0xe9, 0x1f, 0x26, 0xeb, 0xda, 0x06, 0x5e, 0x55, 0x4c, 0xb0, 0xc1, 0x10, 0x7d, 0x4e, - 0x67, 0x99, 0xf1, 0x90, 0xfd, 0x8f, 0x1e, 0xcb, 0xd8, 0xf4, 0x92, 0x63, 0x86, 0x61, 0xc0, 0xf5, - 0x9b, 0x74, 0x9e, 0x88, 0x88, 0xa5, 0x77, 0xe4, 0x55, 0x61, 0x58, 0x08, 0x9c, 0xc6, 0xb4, 0xe3, - 0x39, 0x7e, 0x9d, 0x44, 0xf3, 0x1c, 0xdd, 0xbc, 0xde, 0x9b, 0x35, 0x60, 0x49, 0xa8, 0xe3, 0xc2, - 0x98, 0x4a, 0x2f, 0x17, 0xc6, 0x9c, 0xfb, 0x00, 0x9c, 0xec, 0xf8, 0x98, 0x07, 0x4a, 0x29, 0x3b, - 0x7c, 0x36, 0x9a, 0xfd, 0xbb, 0x35, 0xad, 0xb4, 0xae, 0x05, 0x0d, 0x7e, 0x6d, 0x49, 0xa4, 0xbf, - 0xa8, 0xb0, 0x71, 0x0b, 0x9c, 0x22, 0xc6, 0x15, 0xe1, 0xaa, 0x11, 0x9b, 0x2c, 0xe9, 0x1c, 0x0d, - 0x9d, 0x88, 0xf8, 0xc7, 0x3d, 0x47, 0x97, 0x15, 0x13, 0x6c, 0x30, 0x44, 0x1b, 0xa9, 0x9c, 0x92, - 0x4b, 0x47, 0xcf, 0x29, 0x61, 0xf5, 0xa9, 0xf2, 0x6e, 0x1a, 0xf8, 0xb2, 0x05, 0x23, 0x7e, 0x6a, - 0xe6, 0x16, 0x13, 0x46, 0x9a, 0xbf, 0x2a, 0xf8, 0xad, 0x59, 0xe9, 0x36, 0x9c, 0xe1, 0x9f, 0xa7, - 0xd2, 0x2a, 0x07, 0x54, 0x69, 0xfa, 0xfe, 0xa3, 0xfe, 0x6e, 0xf7, 0x1f, 0x21, 0x5f, 0x5d, 0x00, - 0x37, 0x50, 0xf8, 0x05, 0x70, 0x90, 0x73, 0xf9, 0xdb, 0x4d, 0xa8, 0xd5, 0x23, 0xe2, 0x24, 0x87, - 0xbc, 0x0b, 0x8c, 0x1d, 0xd0, 0xcf, 0x48, 0x02, 0x58, 0xd3, 0x42, 0x9f, 0x50, 0xf2, 0xac, 0x56, - 0xa4, 0xf9, 0x49, 0x97, 0x62, 0x4f, 0x52, 0xec, 0x8d, 0x4c, 0xa6, 0x2c, 0x14, 0x91, 0xd0, 0x98, - 0xea, 0xc5, 0xf7, 0x57, 0x76, 0xec, 0xff, 0xee, 0x83, 0x13, 0xb2, 0xfb, 0x32, 0x25, 0x80, 0xda, - 0x2b, 0x7c, 0x1e, 0xe8, 0xcd, 0x86, 0xb2, 0x57, 0x2e, 0x4b, 0x00, 0xd6, 0x38, 0xd4, 0x3e, 0x6e, - 0xc7, 0x64, 0x29, 0x24, 0xfe, 0x82, 0xbb, 0x16, 0x8b, 0x73, 0x67, 0xf5, 0xde, 0xd7, 0x35, 0x08, - 0x9b, 0x78, 0x74, 0x73, 0xc4, 0xf7, 0x29, 0x71, 0x36, 0x9d, 0x48, 0xec, 0x7f, 0xb0, 0x84, 0xa3, - 0x5f, 0xc8, 0xad, 0x15, 0x5c, 0x4c, 0x22, 0x5d, 0x47, 0x26, 0xc4, 0x01, 0xaf, 0xf3, 0xfc, 0x5b, - 0x16, 0x9c, 0xe1, 0xad, 0x72, 0x24, 0xaf, 0x87, 0x0d, 0x27, 0x21, 0x71, 0x31, 0xb7, 0x06, 0xe4, - 0xf4, 0x4f, 0x3b, 0xdd, 0xf3, 0xd8, 0xe2, 0xfc, 0xde, 0xa0, 0xd7, 0x2d, 0x18, 0xdd, 0x4c, 0x55, - 0x6f, 0x91, 0xaa, 0xfc, 0xa8, 0xe5, 0x11, 0x52, 0x44, 0xb5, 0xe8, 0x4b, 0xb7, 0xc7, 0x38, 0xcb, - 0xdd, 0xfe, 0x73, 0x0b, 0x4c, 0xb5, 0x76, 0xef, 0x8b, 0xbe, 0x1c, 0xdc, 0x34, 0x97, 0xd6, 0x7e, - 0xa5, 0xab, 0xb5, 0xff, 0x28, 0x94, 0xdb, 0x6e, 0x43, 0xec, 0xf7, 0xf4, 0x69, 0xf8, 0xfc, 0x2c, - 0xa6, 0xed, 0xf6, 0x3f, 0xa9, 0x68, 0x3f, 0x92, 0xc8, 0x53, 0xfb, 0x81, 0x78, 0xed, 0x75, 0x55, - 0x36, 0x8e, 0xbf, 0xf9, 0xb5, 0x8e, 0xb2, 0x71, 0x3f, 0x7e, 0xf0, 0x34, 0x44, 0x3e, 0x40, 0xdd, - 0xaa, 0xc6, 0x0d, 0xec, 0x93, 0x83, 0x78, 0x0b, 0xaa, 0x74, 0x4b, 0xcc, 0x1c, 0xc2, 0xd5, 0x54, - 0xa7, 0xaa, 0x97, 0x45, 0xfb, 0xdd, 0xdd, 0xf1, 0xf7, 0x1e, 0xbc, 0x5b, 0xf2, 0x69, 0xac, 0xe8, - 0xa3, 0x18, 0x6a, 0xf4, 0x37, 0x4b, 0x97, 0x14, 0x9b, 0xed, 0xeb, 0x4a, 0x66, 0x4a, 0x40, 0x21, - 0xb9, 0x98, 0x9a, 0x0f, 0xf2, 0xa1, 0xc6, 0x6e, 0x3e, 0x66, 0x4c, 0xf9, 0x9e, 0x7c, 0x59, 0x25, - 0x2d, 0x4a, 0xc0, 0xdd, 0xdd, 0xf1, 0x17, 0x0e, 0xce, 0x54, 0x3d, 0x8e, 0x35, 0x0b, 0xfb, 0x8d, - 0x3e, 0x3d, 0x77, 0x45, 0xb5, 0xc0, 0x1f, 0x88, 0xb9, 0xfb, 0x7c, 0x66, 0xee, 0x9e, 0xef, 0x98, - 0xbb, 0x23, 0xfa, 0x86, 0xde, 0xd4, 0x6c, 0xbc, 0xd7, 0x86, 0xd9, 0xfe, 0xfe, 0x1f, 0x66, 0x91, - 0xbe, 0xda, 0x76, 0x23, 0x12, 0x2f, 0x47, 0x6d, 0xdf, 0xf5, 0x9b, 0x6c, 0x3a, 0x56, 0x4d, 0x8b, - 0x34, 0x05, 0xc6, 0x59, 0x7c, 0xf4, 0x14, 0x54, 0xe9, 0x37, 0xbf, 0xe9, 0x6c, 0xf1, 0x59, 0x65, - 0x14, 0x50, 0x5b, 0x11, 0xed, 0x58, 0x61, 0xd8, 0xdf, 0x64, 0xb1, 0x05, 0x46, 0x9e, 0x36, 0x9d, - 0x13, 0x1e, 0xbb, 0x6a, 0x9a, 0x57, 0x5f, 0x53, 0x73, 0x82, 0xdf, 0x2f, 0xcd, 0x61, 0xe8, 0x36, - 0x0c, 0xac, 0xf1, 0xbb, 0x16, 0x8b, 0xa9, 0x48, 0x2f, 0x2e, 0x6e, 0x64, 0x37, 0xea, 0xc8, 0x5b, - 0x1c, 0xef, 0xea, 0x9f, 0x58, 0x72, 0xb3, 0xff, 0xa0, 0x02, 0xa3, 0x99, 0xcb, 0x88, 0x53, 0x75, - 0x6f, 0x4b, 0xfb, 0xd6, 0xbd, 0xfd, 0x08, 0x40, 0x83, 0x84, 0x5e, 0xb0, 0xc3, 0xcc, 0xe3, 0xbe, - 0x03, 0x9b, 0xc7, 0x6a, 0x47, 0x35, 0xab, 0xa8, 0x60, 0x83, 0xa2, 0x28, 0x39, 0xc7, 0xcb, 0xe8, - 0x66, 0x4a, 0xce, 0x19, 0xf7, 0x56, 0xf4, 0xdf, 0xdb, 0x7b, 0x2b, 0x5c, 0x18, 0xe5, 0x5d, 0x54, - 0xd9, 0xd0, 0x87, 0x48, 0x7a, 0x66, 0xf9, 0x24, 0xb3, 0x69, 0x32, 0x38, 0x4b, 0xf7, 0x7e, 0xde, - 0x35, 0x8e, 0xde, 0x05, 0x35, 0xf9, 0x9d, 0xf9, 0x1e, 0x45, 0x54, 0x94, 0x90, 0xd3, 0x80, 0xdd, - 0x01, 0x2e, 0x7e, 0x76, 0x14, 0x76, 0x80, 0xfb, 0x55, 0xd8, 0xc1, 0xfe, 0x52, 0x89, 0xda, 0xf1, - 0xbc, 0x5f, 0xaa, 0x46, 0xd1, 0x13, 0xd0, 0xef, 0xb4, 0x93, 0x8d, 0xa0, 0xe3, 0xe6, 0xc8, 0x29, - 0xd6, 0x8a, 0x05, 0x14, 0x2d, 0x40, 0x5f, 0x43, 0xd7, 0x9d, 0x39, 0xc8, 0xf7, 0xd4, 0x2e, 0x6a, - 0x27, 0x21, 0x98, 0x51, 0x41, 0x8f, 0x40, 0x5f, 0xe2, 0x34, 0x65, 0x0a, 0x1c, 0x4b, 0x7b, 0x5e, - 0x75, 0x9a, 0x31, 0x66, 0xad, 0xa6, 0xfa, 0xee, 0xdb, 0x47, 0x7d, 0xbf, 0x00, 0xc3, 0xb1, 0xdb, - 0xf4, 0x9d, 0xa4, 0x1d, 0x11, 0xe3, 0xd8, 0x55, 0x47, 0xd2, 0x98, 0x40, 0x9c, 0xc6, 0xb5, 0x7f, - 0x73, 0x08, 0x4e, 0xaf, 0xcc, 0x2c, 0xca, 0x3a, 0xec, 0xc7, 0x96, 0xc5, 0x96, 0xc7, 0xe3, 0xde, - 0x65, 0xb1, 0x75, 0xe1, 0xee, 0x19, 0x59, 0x6c, 0x9e, 0x91, 0xc5, 0x96, 0x4e, 0x29, 0x2a, 0x17, - 0x91, 0x52, 0x94, 0xd7, 0x83, 0x5e, 0x52, 0x8a, 0x8e, 0x2d, 0xad, 0x6d, 0xcf, 0x0e, 0x1d, 0x28, - 0xad, 0x4d, 0xe5, 0xfc, 0x15, 0x92, 0xec, 0xd1, 0xe5, 0x53, 0xe5, 0xe6, 0xfc, 0xa9, 0x7c, 0x2b, - 0x9e, 0xc8, 0x24, 0x44, 0xfd, 0xcb, 0xc5, 0x77, 0xa0, 0x87, 0x7c, 0x2b, 0x91, 0x4b, 0x65, 0xe6, - 0xf8, 0x0d, 0x14, 0x91, 0xe3, 0x97, 0xd7, 0x9d, 0x7d, 0x73, 0xfc, 0x5e, 0x80, 0xe1, 0xba, 0x17, - 0xf8, 0x64, 0x39, 0x0a, 0x92, 0xa0, 0x1e, 0xc8, 0xbb, 0xeb, 0x94, 0x48, 0x98, 0x31, 0x81, 0x38, - 0x8d, 0xdb, 0x2d, 0x41, 0xb0, 0x76, 0xd4, 0x04, 0x41, 0xb8, 0x4f, 0x09, 0x82, 0x3f, 0xab, 0x53, - 0xd9, 0x07, 0xd9, 0x17, 0xf9, 0x48, 0xf1, 0x5f, 0xa4, 0x97, 0x7c, 0x76, 0xf4, 0x26, 0xbf, 0xba, - 0x91, 0x1a, 0xc6, 0x33, 0x41, 0x8b, 0x1a, 0x7e, 0x43, 0x6c, 0x48, 0x5e, 0x39, 0x86, 0x09, 0x7b, - 0x73, 0x45, 0xb3, 0x51, 0xd7, 0x39, 0xea, 0x26, 0x9c, 0xee, 0xc8, 0x51, 0x52, 0xed, 0xbf, 0x5a, - 0x82, 0x1f, 0xda, 0xb7, 0x0b, 0xe8, 0x36, 0x40, 0xe2, 0x34, 0xc5, 0x44, 0x15, 0x07, 0x58, 0x47, - 0x0c, 0x77, 0x5d, 0x95, 0xf4, 0x78, 0x8d, 0x18, 0xf5, 0x97, 0x1d, 0x0d, 0xc9, 0xdf, 0x2c, 0xca, - 0x35, 0xf0, 0x3a, 0x4a, 0x69, 0xe2, 0xc0, 0x23, 0x98, 0x41, 0xa8, 0xfa, 0x8f, 0x48, 0x53, 0xdf, - 0x35, 0xae, 0x3e, 0x1f, 0x66, 0xad, 0x58, 0x40, 0xd1, 0x73, 0x30, 0xe8, 0x78, 0x1e, 0xcf, 0x57, - 0x22, 0xb1, 0xb8, 0x41, 0x49, 0x7b, 0x2d, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0x9f, 0x95, 0x60, 0x7c, - 0x1f, 0x99, 0xd2, 0x91, 0x81, 0x59, 0xe9, 0x39, 0x03, 0x53, 0xe4, 0x8c, 0xf4, 0x77, 0xc9, 0x19, - 0x79, 0x0e, 0x06, 0x13, 0xe2, 0xb4, 0x44, 0x80, 0x9c, 0xf0, 0x04, 0xe8, 0x13, 0x79, 0x0d, 0xc2, - 0x26, 0x1e, 0x95, 0x62, 0x23, 0x4e, 0xbd, 0x4e, 0xe2, 0x58, 0x26, 0x85, 0x08, 0xef, 0x76, 0x61, - 0x19, 0x27, 0xec, 0xd0, 0x60, 0x2a, 0xc5, 0x02, 0x67, 0x58, 0x66, 0x07, 0xbc, 0xd6, 0xe3, 0x80, - 0x7f, 0xa3, 0x04, 0x8f, 0xee, 0xa9, 0xdd, 0x7a, 0xce, 0xd7, 0x69, 0xc7, 0x24, 0xca, 0x4e, 0x9c, - 0xeb, 0x31, 0x89, 0x30, 0x83, 0xf0, 0x51, 0x0a, 0x43, 0xe3, 0x2e, 0xf7, 0xa2, 0x93, 0xc9, 0xf8, - 0x28, 0xa5, 0x58, 0xe0, 0x0c, 0xcb, 0xc3, 0x4e, 0xcb, 0xbf, 0x57, 0x82, 0xc7, 0x7b, 0xb0, 0x01, - 0x0a, 0x4c, 0xba, 0x4b, 0xa7, 0x3e, 0x96, 0xef, 0x53, 0x86, 0xea, 0x21, 0x87, 0xeb, 0x9b, 0x25, - 0x38, 0xd7, 0x5d, 0x15, 0xa3, 0xf7, 0xc1, 0x68, 0xa4, 0xa2, 0xe2, 0xcc, 0xac, 0xc9, 0x53, 0xdc, - 0x93, 0x90, 0x02, 0xe1, 0x2c, 0x2e, 0x9a, 0x00, 0x08, 0x9d, 0x64, 0x23, 0xbe, 0xb8, 0xed, 0xc6, - 0x89, 0xa8, 0x0a, 0x34, 0xc2, 0xcf, 0x12, 0x65, 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x36, - 0xb8, 0x16, 0x24, 0xfc, 0x21, 0xbe, 0x8d, 0x38, 0x25, 0x6f, 0x5f, 0x31, 0x40, 0x38, 0x8b, 0x4b, - 0xd9, 0xb1, 0x73, 0x1e, 0xde, 0x51, 0xbe, 0xbf, 0x60, 0xec, 0x16, 0x54, 0x2b, 0x36, 0x30, 0xb2, - 0xf9, 0xa0, 0x95, 0xfd, 0xf3, 0x41, 0xed, 0x7f, 0x5c, 0x82, 0xb3, 0x5d, 0x4d, 0xb9, 0xde, 0x16, - 0xe0, 0x83, 0x97, 0xc3, 0x79, 0xb8, 0xb9, 0x73, 0xc0, 0x5c, 0xc3, 0x3f, 0xe9, 0x32, 0xd3, 0x44, - 0xae, 0xe1, 0xe1, 0x93, 0xf5, 0x1f, 0xbc, 0xf1, 0xec, 0x48, 0x2f, 0xec, 0x3b, 0x40, 0x7a, 0x61, - 0xe6, 0x63, 0x54, 0x7a, 0x5c, 0xc8, 0x7f, 0x51, 0xee, 0x3a, 0xbc, 0x74, 0xeb, 0xd7, 0x93, 0x9f, - 0x76, 0x16, 0x4e, 0xb8, 0x3e, 0xbb, 0x89, 0x6b, 0xa5, 0xbd, 0x26, 0x0a, 0xc5, 0x94, 0xd2, 0x37, - 0xf5, 0xcf, 0x67, 0xe0, 0xb8, 0xe3, 0x89, 0x07, 0x30, 0xdd, 0xf3, 0x70, 0x43, 0x7a, 0xb0, 0x84, - 0x63, 0xb4, 0x04, 0x67, 0xe4, 0x50, 0x6c, 0x38, 0x11, 0x69, 0x08, 0x35, 0x12, 0x8b, 0x04, 0x97, - 0xb3, 0x3c, 0x49, 0x26, 0x07, 0x01, 0xe7, 0x3f, 0xc7, 0x2e, 0x3f, 0x0a, 0x42, 0xb7, 0x2e, 0x36, - 0x39, 0xfa, 0xf2, 0x23, 0xda, 0x88, 0x39, 0xcc, 0xfe, 0x08, 0xd4, 0xd4, 0xfb, 0xf3, 0x30, 0x7b, - 0x35, 0xe9, 0x3a, 0xc2, 0xec, 0xd5, 0x8c, 0x33, 0xb0, 0xe8, 0xd7, 0xa2, 0x26, 0x71, 0x66, 0xf5, - 0x5c, 0x25, 0x3b, 0xcc, 0x3e, 0xb6, 0xdf, 0x0d, 0x43, 0xca, 0xcf, 0xd2, 0xeb, 0x95, 0x50, 0xf6, - 0x1b, 0xfd, 0x30, 0x9c, 0x2a, 0xd6, 0x98, 0x72, 0xb0, 0x5a, 0xfb, 0x3a, 0x58, 0x59, 0xda, 0x44, - 0xdb, 0x97, 0xf7, 0xc5, 0x19, 0x69, 0x13, 0x6d, 0x9f, 0x60, 0x0e, 0xa3, 0xe6, 0x6d, 0x23, 0xda, - 0xc1, 0x6d, 0x5f, 0x84, 0x37, 0x2b, 0xf3, 0x76, 0x96, 0xb5, 0x62, 0x01, 0x45, 0x9f, 0xb4, 0x60, - 0x28, 0x66, 0xde, 0x7b, 0xee, 0x9e, 0x16, 0x93, 0xee, 0xca, 0xd1, 0x6b, 0x51, 0xaa, 0xc2, 0xa4, - 0x2c, 0x62, 0xc9, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0x33, 0x16, 0xd4, 0xd4, 0xb5, 0x36, 0xe2, 0xf2, - 0xc7, 0x95, 0x62, 0x6b, 0x61, 0x72, 0xbf, 0xa6, 0x3a, 0x08, 0x51, 0x45, 0x09, 0xb1, 0x66, 0x8c, - 0x62, 0xe5, 0x3b, 0x1e, 0x38, 0x1e, 0xdf, 0x31, 0xe4, 0xf8, 0x8d, 0xdf, 0x05, 0xb5, 0x96, 0xe3, - 0xbb, 0xeb, 0x24, 0x4e, 0xb8, 0x3b, 0x57, 0x96, 0xe8, 0x95, 0x8d, 0x58, 0xc3, 0xa9, 0x42, 0x8e, - 0xd9, 0x8b, 0x25, 0x86, 0xff, 0x95, 0x29, 0xe4, 0x15, 0xdd, 0x8c, 0x4d, 0x1c, 0xd3, 0x59, 0x0c, - 0xf7, 0xd5, 0x59, 0x3c, 0xb8, 0xb7, 0xb3, 0xd8, 0xfe, 0x07, 0x16, 0x9c, 0xc9, 0xfd, 0x6a, 0x0f, - 0x6e, 0x20, 0xaa, 0xfd, 0x95, 0x0a, 0x9c, 0xca, 0xa9, 0xba, 0x8a, 0x76, 0xcc, 0xf9, 0x6c, 0x15, - 0x11, 0x43, 0x90, 0x3e, 0x12, 0x97, 0xc3, 0x98, 0x33, 0x89, 0x0f, 0x76, 0x54, 0xa3, 0x8f, 0x4b, - 0xca, 0xf7, 0xf6, 0xb8, 0xc4, 0x98, 0x96, 0x7d, 0xf7, 0x75, 0x5a, 0x56, 0xf6, 0x39, 0xc3, 0xf8, - 0x35, 0x0b, 0xc6, 0x5a, 0x5d, 0x4a, 0xfd, 0x0b, 0xc7, 0xe3, 0x8d, 0xe3, 0xb9, 0x48, 0x60, 0xfa, - 0x91, 0x3b, 0xbb, 0xe3, 0x5d, 0x6f, 0x58, 0xc0, 0x5d, 0x7b, 0x65, 0x7f, 0xb7, 0x0c, 0xac, 0xe4, - 0x2f, 0xab, 0xac, 0xb7, 0x83, 0x3e, 0x61, 0x16, 0x6f, 0xb6, 0x8a, 0x2a, 0x34, 0xcc, 0x89, 0xab, - 0xe2, 0xcf, 0x7c, 0x04, 0xf3, 0x6a, 0x41, 0x67, 0x85, 0x56, 0xa9, 0x07, 0xa1, 0xe5, 0xc9, 0x2a, - 0xd9, 0xe5, 0xe2, 0xab, 0x64, 0xd7, 0xb2, 0x15, 0xb2, 0xf7, 0xfe, 0xc4, 0x7d, 0x0f, 0xe4, 0x27, - 0xfe, 0x45, 0x8b, 0x0b, 0x9e, 0xcc, 0x57, 0xd0, 0x96, 0x81, 0xb5, 0x87, 0x65, 0xf0, 0x14, 0x54, - 0x63, 0xe2, 0xad, 0x5f, 0x26, 0x8e, 0x27, 0x2c, 0x08, 0x7d, 0x7e, 0x2d, 0xda, 0xb1, 0xc2, 0x60, - 0x17, 0xf0, 0x7a, 0x5e, 0x70, 0xfb, 0x62, 0x2b, 0x4c, 0x76, 0x84, 0x2d, 0xa1, 0x2f, 0xe0, 0x55, - 0x10, 0x6c, 0x60, 0xd9, 0x7f, 0xb3, 0xc4, 0x67, 0xa0, 0x08, 0x82, 0x78, 0x3e, 0x73, 0x65, 0x62, - 0xef, 0xf1, 0x03, 0x1f, 0x03, 0xa8, 0x07, 0xad, 0x90, 0xda, 0x7d, 0xab, 0x81, 0x38, 0x13, 0xba, - 0x7c, 0xe4, 0x1b, 0xd3, 0x05, 0x3d, 0xfd, 0x1a, 0xba, 0x0d, 0x1b, 0xfc, 0x52, 0xb2, 0xb4, 0xbc, - 0xaf, 0x2c, 0x4d, 0x89, 0x95, 0xbe, 0x7d, 0xb4, 0xdd, 0x9f, 0x59, 0x90, 0xb2, 0x88, 0x50, 0x08, - 0x15, 0xda, 0xdd, 0x1d, 0xb1, 0x42, 0x97, 0x8a, 0x33, 0xbf, 0xa8, 0x68, 0x14, 0xd3, 0x9e, 0xfd, - 0xc4, 0x9c, 0x11, 0xf2, 0x44, 0xac, 0x04, 0x1f, 0xd5, 0x6b, 0xc5, 0x31, 0xbc, 0x1c, 0x04, 0x9b, - 0xfc, 0x60, 0x53, 0xc7, 0x5d, 0xd8, 0xcf, 0xc3, 0xc9, 0x8e, 0x4e, 0xb1, 0xdb, 0xd1, 0x02, 0xaa, - 0x7d, 0x32, 0xd3, 0x95, 0x25, 0xd4, 0x62, 0x0e, 0xb3, 0xbf, 0x69, 0xc1, 0x89, 0x2c, 0x79, 0xf4, - 0xa6, 0x05, 0x27, 0xe3, 0x2c, 0xbd, 0xe3, 0x1a, 0x3b, 0x15, 0xef, 0xd8, 0x01, 0xc2, 0x9d, 0x9d, - 0xb0, 0xff, 0x8f, 0x98, 0xfc, 0x37, 0x5d, 0xbf, 0x11, 0xdc, 0x56, 0x86, 0x89, 0xd5, 0xd5, 0x30, - 0xa1, 0xeb, 0xb1, 0xbe, 0x41, 0x1a, 0x6d, 0xaf, 0x23, 0x93, 0x77, 0x45, 0xb4, 0x63, 0x85, 0xc1, - 0x12, 0x17, 0xdb, 0xa2, 0x8c, 0x7e, 0x66, 0x52, 0xce, 0x8a, 0x76, 0xac, 0x30, 0xd0, 0xb3, 0x30, - 0x64, 0xbc, 0xa4, 0x9c, 0x97, 0xcc, 0x20, 0x37, 0x54, 0x66, 0x8c, 0x53, 0x58, 0x68, 0x02, 0x40, - 0x19, 0x39, 0x52, 0x45, 0x32, 0x47, 0x91, 0x92, 0x44, 0x31, 0x36, 0x30, 0x58, 0x9a, 0xb0, 0xd7, - 0x8e, 0x99, 0x8f, 0xbf, 0x5f, 0x97, 0x76, 0x9d, 0x11, 0x6d, 0x58, 0x41, 0xa9, 0x34, 0x69, 0x39, - 0x7e, 0xdb, 0xf1, 0xe8, 0x08, 0x89, 0xad, 0x9f, 0x5a, 0x86, 0x8b, 0x0a, 0x82, 0x0d, 0x2c, 0xfa, - 0xc6, 0x89, 0xdb, 0x22, 0x2f, 0x05, 0xbe, 0x8c, 0x53, 0xd3, 0xc7, 0x3e, 0xa2, 0x1d, 0x2b, 0x0c, - 0xfb, 0xbf, 0x58, 0x30, 0xaa, 0x8b, 0x0e, 0xf0, 0x7b, 0xd0, 0xcd, 0x9d, 0xaa, 0xb5, 0xef, 0x4e, - 0x35, 0x9d, 0x8d, 0x5d, 0xea, 0x29, 0x1b, 0xdb, 0x4c, 0x94, 0x2e, 0xef, 0x99, 0x28, 0xfd, 0x23, - 0xfa, 0x8e, 0x5d, 0x9e, 0x51, 0x3d, 0x98, 0x77, 0xbf, 0x2e, 0xb2, 0xa1, 0xbf, 0xee, 0xa8, 0x8a, - 0x3b, 0x43, 0x7c, 0xef, 0x30, 0x33, 0xc5, 0x90, 0x04, 0xc4, 0x5e, 0x82, 0x9a, 0x3a, 0xfd, 0x90, - 0x1b, 0x55, 0x2b, 0x7f, 0xa3, 0xda, 0x53, 0xc2, 0xe6, 0xf4, 0xda, 0xb7, 0xbf, 0xf7, 0xd8, 0xdb, - 0x7e, 0xff, 0x7b, 0x8f, 0xbd, 0xed, 0x8f, 0xbf, 0xf7, 0xd8, 0xdb, 0x3e, 0x79, 0xe7, 0x31, 0xeb, - 0xdb, 0x77, 0x1e, 0xb3, 0x7e, 0xff, 0xce, 0x63, 0xd6, 0x1f, 0xdf, 0x79, 0xcc, 0xfa, 0xee, 0x9d, - 0xc7, 0xac, 0x2f, 0xff, 0xc7, 0xc7, 0xde, 0xf6, 0x52, 0x6e, 0xa0, 0x22, 0xfd, 0xf1, 0x74, 0xbd, - 0x31, 0xb9, 0x75, 0x81, 0xc5, 0xca, 0xd1, 0xe5, 0x35, 0x69, 0xcc, 0xa9, 0x49, 0xb9, 0xbc, 0xfe, - 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb2, 0x8f, 0xb9, 0xc7, 0x9f, 0xe5, 0x00, 0x00, + // 11478 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x1c, 0xc9, + 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x00, 0x04, 0xd1, 0x24, 0xef, 0x40, 0xea, 0xee, 0x40, + 0xcf, 0xd9, 0xa7, 0x73, 0x74, 0x07, 0xf8, 0xe8, 0x3b, 0xf9, 0xa2, 0xb3, 0x24, 0xe3, 0x83, 0x04, + 0x41, 0x02, 0x04, 0xae, 0x01, 0x92, 0xd2, 0xc9, 0xa7, 0xd3, 0x60, 0xb6, 0xb1, 0x18, 0x62, 0x76, + 0x66, 0x6f, 0x66, 0x16, 0x04, 0xce, 0x92, 0x2c, 0x59, 0x92, 0x2d, 0x47, 0x1f, 0xa7, 0x48, 0xa9, + 0xca, 0x39, 0xb1, 0x14, 0xd9, 0x52, 0x52, 0x49, 0xa5, 0x54, 0x51, 0x92, 0x1f, 0x71, 0x6c, 0xa7, + 0x5c, 0xb1, 0x53, 0x2e, 0x25, 0x8e, 0xcb, 0x8e, 0x4a, 0x65, 0x29, 0x89, 0x8d, 0x48, 0x4c, 0x52, + 0x4e, 0xe5, 0x87, 0xab, 0xe2, 0xe4, 0x47, 0x8a, 0xc9, 0x8f, 0x54, 0x7f, 0xf7, 0xcc, 0xce, 0x02, + 0x0b, 0x62, 0x00, 0x52, 0xca, 0xfd, 0xdb, 0xed, 0xf7, 0xba, 0x5f, 0x4f, 0x7f, 0xbc, 0xf7, 0xfa, + 0xf5, 0x7b, 0xaf, 0x61, 0xa1, 0xe1, 0x25, 0x1b, 0xed, 0xb5, 0x09, 0x37, 0x6c, 0x4e, 0x3a, 0x51, + 0x23, 0x6c, 0x45, 0xe1, 0x2d, 0xf6, 0xe3, 0x69, 0xb7, 0x3e, 0xb9, 0x75, 0x61, 0xb2, 0xb5, 0xd9, + 0x98, 0x74, 0x5a, 0x5e, 0x3c, 0xe9, 0xb4, 0x5a, 0xbe, 0xe7, 0x3a, 0x89, 0x17, 0x06, 0x93, 0x5b, + 0xcf, 0x38, 0x7e, 0x6b, 0xc3, 0x79, 0x66, 0xb2, 0x41, 0x02, 0x12, 0x39, 0x09, 0xa9, 0x4f, 0xb4, + 0xa2, 0x30, 0x09, 0xd1, 0x4f, 0xeb, 0xd6, 0x26, 0x64, 0x6b, 0xec, 0xc7, 0x2b, 0x6e, 0x7d, 0x62, + 0xeb, 0xc2, 0x44, 0x6b, 0xb3, 0x31, 0x41, 0x5b, 0x9b, 0x30, 0x5a, 0x9b, 0x90, 0xad, 0x9d, 0x7b, + 0xda, 0xe8, 0x4b, 0x23, 0x6c, 0x84, 0x93, 0xac, 0xd1, 0xb5, 0xf6, 0x3a, 0xfb, 0xc7, 0xfe, 0xb0, + 0x5f, 0x9c, 0xd8, 0x39, 0x7b, 0xf3, 0xf9, 0x78, 0xc2, 0x0b, 0x69, 0xf7, 0x26, 0xdd, 0x30, 0x22, + 0x93, 0x5b, 0x1d, 0x1d, 0x3a, 0x77, 0x59, 0xe3, 0x90, 0xed, 0x84, 0x04, 0xb1, 0x17, 0x06, 0xf1, + 0xd3, 0xb4, 0x0b, 0x24, 0xda, 0x22, 0x91, 0xf9, 0x79, 0x06, 0x42, 0x5e, 0x4b, 0xcf, 0xea, 0x96, + 0x9a, 0x8e, 0xbb, 0xe1, 0x05, 0x24, 0xda, 0xd1, 0xd5, 0x9b, 0x24, 0x71, 0xf2, 0x6a, 0x4d, 0x76, + 0xab, 0x15, 0xb5, 0x83, 0xc4, 0x6b, 0x92, 0x8e, 0x0a, 0xef, 0xd8, 0xaf, 0x42, 0xec, 0x6e, 0x90, + 0xa6, 0xd3, 0x51, 0xef, 0x27, 0xbb, 0xd5, 0x6b, 0x27, 0x9e, 0x3f, 0xe9, 0x05, 0x49, 0x9c, 0x44, + 0xd9, 0x4a, 0xf6, 0xaf, 0x5a, 0x30, 0x3c, 0x75, 0x73, 0x65, 0xaa, 0x9d, 0x6c, 0xcc, 0x84, 0xc1, + 0xba, 0xd7, 0x40, 0xcf, 0xc1, 0xa0, 0xeb, 0xb7, 0xe3, 0x84, 0x44, 0xd7, 0x9c, 0x26, 0x19, 0xb3, + 0xce, 0x5b, 0x4f, 0xd6, 0xa6, 0x4f, 0x7d, 0x73, 0x77, 0xfc, 0x2d, 0x77, 0x76, 0xc7, 0x07, 0x67, + 0x34, 0x08, 0x9b, 0x78, 0xe8, 0xc7, 0x61, 0x20, 0x0a, 0x7d, 0x32, 0x85, 0xaf, 0x8d, 0x95, 0x58, + 0x95, 0x11, 0x51, 0x65, 0x00, 0xf3, 0x62, 0x2c, 0xe1, 0x14, 0xb5, 0x15, 0x85, 0xeb, 0x9e, 0x4f, + 0xc6, 0xca, 0x69, 0xd4, 0x65, 0x5e, 0x8c, 0x25, 0xdc, 0xfe, 0x93, 0x12, 0xc0, 0x54, 0xab, 0xb5, + 0x1c, 0x85, 0xb7, 0x88, 0x9b, 0xa0, 0x0f, 0x42, 0x95, 0x0e, 0x73, 0xdd, 0x49, 0x1c, 0xd6, 0xb1, + 0xc1, 0x0b, 0x3f, 0x31, 0xc1, 0xbf, 0x7a, 0xc2, 0xfc, 0x6a, 0xbd, 0xc8, 0x28, 0xf6, 0xc4, 0xd6, + 0x33, 0x13, 0x4b, 0x6b, 0xb4, 0xfe, 0x22, 0x49, 0x9c, 0x69, 0x24, 0x88, 0x81, 0x2e, 0xc3, 0xaa, + 0x55, 0x14, 0x40, 0x5f, 0xdc, 0x22, 0x2e, 0xfb, 0x86, 0xc1, 0x0b, 0x0b, 0x13, 0x87, 0x59, 0xcd, + 0x13, 0xba, 0xe7, 0x2b, 0x2d, 0xe2, 0x4e, 0x0f, 0x09, 0xca, 0x7d, 0xf4, 0x1f, 0x66, 0x74, 0xd0, + 0x16, 0xf4, 0xc7, 0x89, 0x93, 0xb4, 0x63, 0x36, 0x14, 0x83, 0x17, 0xae, 0x15, 0x46, 0x91, 0xb5, + 0x3a, 0x7d, 0x42, 0xd0, 0xec, 0xe7, 0xff, 0xb1, 0xa0, 0x66, 0xff, 0x99, 0x05, 0x27, 0x34, 0xf2, + 0x82, 0x17, 0x27, 0xe8, 0x67, 0x3b, 0x06, 0x77, 0xa2, 0xb7, 0xc1, 0xa5, 0xb5, 0xd9, 0xd0, 0x9e, + 0x14, 0xc4, 0xaa, 0xb2, 0xc4, 0x18, 0xd8, 0x26, 0x54, 0xbc, 0x84, 0x34, 0xe3, 0xb1, 0xd2, 0xf9, + 0xf2, 0x93, 0x83, 0x17, 0x2e, 0x17, 0xf5, 0x9d, 0xd3, 0xc3, 0x82, 0x68, 0x65, 0x9e, 0x36, 0x8f, + 0x39, 0x15, 0xfb, 0x2f, 0x87, 0xcd, 0xef, 0xa3, 0x03, 0x8e, 0x9e, 0x81, 0xc1, 0x38, 0x6c, 0x47, + 0x2e, 0xc1, 0xa4, 0x15, 0xc6, 0x63, 0xd6, 0xf9, 0x32, 0x5d, 0x7a, 0x74, 0x51, 0xaf, 0xe8, 0x62, + 0x6c, 0xe2, 0xa0, 0xcf, 0x59, 0x30, 0x54, 0x27, 0x71, 0xe2, 0x05, 0x8c, 0xbe, 0xec, 0xfc, 0xea, + 0xa1, 0x3b, 0x2f, 0x0b, 0x67, 0x75, 0xe3, 0xd3, 0xa7, 0xc5, 0x87, 0x0c, 0x19, 0x85, 0x31, 0x4e, + 0xd1, 0xa7, 0x9b, 0xb3, 0x4e, 0x62, 0x37, 0xf2, 0x5a, 0xf4, 0xbf, 0xd8, 0x3e, 0x6a, 0x73, 0xce, + 0x6a, 0x10, 0x36, 0xf1, 0x50, 0x00, 0x15, 0xba, 0xf9, 0xe2, 0xb1, 0x3e, 0xd6, 0xff, 0xf9, 0xc3, + 0xf5, 0x5f, 0x0c, 0x2a, 0xdd, 0xd7, 0x7a, 0xf4, 0xe9, 0xbf, 0x18, 0x73, 0x32, 0xe8, 0xb3, 0x16, + 0x8c, 0x09, 0xe6, 0x80, 0x09, 0x1f, 0xd0, 0x9b, 0x1b, 0x5e, 0x42, 0x7c, 0x2f, 0x4e, 0xc6, 0x2a, + 0xac, 0x0f, 0x93, 0xbd, 0xad, 0xad, 0xb9, 0x28, 0x6c, 0xb7, 0xae, 0x7a, 0x41, 0x7d, 0xfa, 0xbc, + 0xa0, 0x34, 0x36, 0xd3, 0xa5, 0x61, 0xdc, 0x95, 0x24, 0xfa, 0xa2, 0x05, 0xe7, 0x02, 0xa7, 0x49, + 0xe2, 0x96, 0x43, 0xa7, 0x96, 0x83, 0xa7, 0x7d, 0xc7, 0xdd, 0x64, 0x3d, 0xea, 0xbf, 0xb7, 0x1e, + 0xd9, 0xa2, 0x47, 0xe7, 0xae, 0x75, 0x6d, 0x1a, 0xef, 0x41, 0x16, 0x7d, 0xd5, 0x82, 0xd1, 0x30, + 0x6a, 0x6d, 0x38, 0x01, 0xa9, 0x4b, 0x68, 0x3c, 0x36, 0xc0, 0xb6, 0xde, 0x07, 0x0e, 0x37, 0x45, + 0x4b, 0xd9, 0x66, 0x17, 0xc3, 0xc0, 0x4b, 0xc2, 0x68, 0x85, 0x24, 0x89, 0x17, 0x34, 0xe2, 0xe9, + 0x33, 0x77, 0x76, 0xc7, 0x47, 0x3b, 0xb0, 0x70, 0x67, 0x7f, 0xd0, 0xcf, 0xc1, 0x60, 0xbc, 0x13, + 0xb8, 0x37, 0xbd, 0xa0, 0x1e, 0xde, 0x8e, 0xc7, 0xaa, 0x45, 0x6c, 0xdf, 0x15, 0xd5, 0xa0, 0xd8, + 0x80, 0x9a, 0x00, 0x36, 0xa9, 0xe5, 0x4f, 0x9c, 0x5e, 0x4a, 0xb5, 0xa2, 0x27, 0x4e, 0x2f, 0xa6, + 0x3d, 0xc8, 0xa2, 0x5f, 0xb2, 0x60, 0x38, 0xf6, 0x1a, 0x81, 0x93, 0xb4, 0x23, 0x72, 0x95, 0xec, + 0xc4, 0x63, 0xc0, 0x3a, 0x72, 0xe5, 0x90, 0xa3, 0x62, 0x34, 0x39, 0x7d, 0x46, 0xf4, 0x71, 0xd8, + 0x2c, 0x8d, 0x71, 0x9a, 0x6e, 0xde, 0x46, 0xd3, 0xcb, 0x7a, 0xb0, 0xd8, 0x8d, 0xa6, 0x17, 0x75, + 0x57, 0x92, 0xe8, 0x67, 0xe0, 0x24, 0x2f, 0x52, 0x23, 0x1b, 0x8f, 0x0d, 0x31, 0x46, 0x7b, 0xfa, + 0xce, 0xee, 0xf8, 0xc9, 0x95, 0x0c, 0x0c, 0x77, 0x60, 0xa3, 0x57, 0x61, 0xbc, 0x45, 0xa2, 0xa6, + 0x97, 0x2c, 0x05, 0xfe, 0x8e, 0x64, 0xdf, 0x6e, 0xd8, 0x22, 0x75, 0xd1, 0x9d, 0x78, 0x6c, 0xf8, + 0xbc, 0xf5, 0x64, 0x75, 0xfa, 0x6d, 0xa2, 0x9b, 0xe3, 0xcb, 0x7b, 0xa3, 0xe3, 0xfd, 0xda, 0x43, + 0xbf, 0x6f, 0xc1, 0x39, 0x83, 0xcb, 0xae, 0x90, 0x68, 0xcb, 0x73, 0xc9, 0x94, 0xeb, 0x86, 0xed, + 0x20, 0x89, 0xc7, 0x4e, 0xb0, 0x61, 0x5c, 0x3b, 0x0a, 0x9e, 0x9f, 0x26, 0xa5, 0xd7, 0x65, 0x57, + 0x94, 0x18, 0xef, 0xd1, 0x53, 0xfb, 0x5f, 0x97, 0xe0, 0x64, 0x56, 0x03, 0x40, 0x7f, 0xcf, 0x82, + 0x91, 0x5b, 0xb7, 0x93, 0xd5, 0x70, 0x93, 0x04, 0xf1, 0xf4, 0x0e, 0xe5, 0xd3, 0x4c, 0xf6, 0x0d, + 0x5e, 0x70, 0x8b, 0xd5, 0x35, 0x26, 0xae, 0xa4, 0xa9, 0x5c, 0x0c, 0x92, 0x68, 0x67, 0xfa, 0x61, + 0xf1, 0x4d, 0x23, 0x57, 0x6e, 0xae, 0x9a, 0x50, 0x9c, 0xed, 0xd4, 0xb9, 0x4f, 0x5b, 0x70, 0x3a, + 0xaf, 0x09, 0x74, 0x12, 0xca, 0x9b, 0x64, 0x87, 0x6b, 0xa2, 0x98, 0xfe, 0x44, 0x2f, 0x43, 0x65, + 0xcb, 0xf1, 0xdb, 0x44, 0xa8, 0x69, 0x73, 0x87, 0xfb, 0x10, 0xd5, 0x33, 0xcc, 0x5b, 0x7d, 0x67, + 0xe9, 0x79, 0xcb, 0xfe, 0xa3, 0x32, 0x0c, 0x1a, 0x93, 0x76, 0x0c, 0xaa, 0x67, 0x98, 0x52, 0x3d, + 0x17, 0x0b, 0x5b, 0x6f, 0x5d, 0x75, 0xcf, 0xdb, 0x19, 0xdd, 0x73, 0xa9, 0x38, 0x92, 0x7b, 0x2a, + 0x9f, 0x28, 0x81, 0x5a, 0xd8, 0xa2, 0xc7, 0x10, 0xaa, 0xc3, 0xf4, 0x15, 0x31, 0x85, 0x4b, 0xb2, + 0xb9, 0xe9, 0xe1, 0x3b, 0xbb, 0xe3, 0x35, 0xf5, 0x17, 0x6b, 0x42, 0xf6, 0x77, 0x2c, 0x38, 0x6d, + 0xf4, 0x71, 0x26, 0x0c, 0xea, 0x1e, 0x9b, 0xda, 0xf3, 0xd0, 0x97, 0xec, 0xb4, 0xe4, 0x51, 0x47, + 0x8d, 0xd4, 0xea, 0x4e, 0x8b, 0x60, 0x06, 0xa1, 0x27, 0x96, 0x26, 0x89, 0x63, 0xa7, 0x41, 0xb2, + 0x87, 0x9b, 0x45, 0x5e, 0x8c, 0x25, 0x1c, 0x45, 0x80, 0x7c, 0x27, 0x4e, 0x56, 0x23, 0x27, 0x88, + 0x59, 0xf3, 0xab, 0x5e, 0x93, 0x88, 0x01, 0xfe, 0x2b, 0xbd, 0xad, 0x18, 0x5a, 0x63, 0xfa, 0xa1, + 0x3b, 0xbb, 0xe3, 0x68, 0xa1, 0xa3, 0x25, 0x9c, 0xd3, 0xba, 0xfd, 0x45, 0x0b, 0x1e, 0xca, 0x67, + 0x30, 0xe8, 0x09, 0xe8, 0xe7, 0xe7, 0x5c, 0xf1, 0x75, 0x7a, 0x4a, 0x58, 0x29, 0x16, 0x50, 0x34, + 0x09, 0x35, 0x25, 0xf0, 0xc4, 0x37, 0x8e, 0x0a, 0xd4, 0x9a, 0x96, 0x92, 0x1a, 0x87, 0x0e, 0x1a, + 0xfd, 0x23, 0x54, 0x50, 0x35, 0x68, 0xec, 0x60, 0xc8, 0x20, 0xf6, 0xb7, 0x2d, 0xf8, 0xd1, 0x5e, + 0xd8, 0xde, 0xd1, 0xf5, 0x71, 0x05, 0xce, 0xd4, 0xc9, 0xba, 0xd3, 0xf6, 0x93, 0x34, 0x45, 0xd1, + 0xe9, 0x47, 0x45, 0xe5, 0x33, 0xb3, 0x79, 0x48, 0x38, 0xbf, 0xae, 0xfd, 0x9f, 0x2c, 0x18, 0x31, + 0x3e, 0xeb, 0x18, 0x8e, 0x4e, 0x41, 0xfa, 0xe8, 0x34, 0x5f, 0xd8, 0x36, 0xed, 0x72, 0x76, 0xfa, + 0xac, 0x05, 0xe7, 0x0c, 0xac, 0x45, 0x27, 0x71, 0x37, 0x2e, 0x6e, 0xb7, 0x22, 0x12, 0xc7, 0x74, + 0x49, 0x3d, 0x6a, 0xb0, 0xe3, 0xe9, 0x41, 0xd1, 0x42, 0xf9, 0x2a, 0xd9, 0xe1, 0xbc, 0xf9, 0x29, + 0xa8, 0xf2, 0x3d, 0x17, 0x46, 0x62, 0x92, 0xd4, 0xb7, 0x2d, 0x89, 0x72, 0xac, 0x30, 0x90, 0x0d, + 0xfd, 0x8c, 0xe7, 0x52, 0x1e, 0x44, 0xd5, 0x04, 0xa0, 0xf3, 0x7e, 0x83, 0x95, 0x60, 0x01, 0xb1, + 0xe3, 0x54, 0x77, 0x96, 0x23, 0xc2, 0xd6, 0x43, 0xfd, 0x92, 0x47, 0xfc, 0x7a, 0x4c, 0x8f, 0x75, + 0x4e, 0x10, 0x84, 0x89, 0x38, 0xa1, 0x19, 0xc7, 0xba, 0x29, 0x5d, 0x8c, 0x4d, 0x1c, 0x4a, 0xd4, + 0x77, 0xd6, 0x88, 0xcf, 0x47, 0x54, 0x10, 0x5d, 0x60, 0x25, 0x58, 0x40, 0xec, 0x3b, 0x25, 0x76, + 0x80, 0x54, 0x1c, 0x8d, 0x1c, 0x87, 0xf5, 0x21, 0x4a, 0x89, 0x80, 0xe5, 0xe2, 0xf8, 0x31, 0xe9, + 0x6e, 0x81, 0x78, 0x2d, 0x23, 0x05, 0x70, 0xa1, 0x54, 0xf7, 0xb6, 0x42, 0x7c, 0xb4, 0x0c, 0xe3, + 0xe9, 0x0a, 0x1d, 0x42, 0x84, 0x1e, 0x79, 0x0d, 0x42, 0x59, 0x7b, 0x94, 0x81, 0x8f, 0x4d, 0xbc, + 0x2e, 0x7c, 0xb8, 0x74, 0x94, 0x7c, 0xd8, 0x14, 0x13, 0xe5, 0x7d, 0xc4, 0xc4, 0x13, 0x6a, 0xd4, + 0xfb, 0x32, 0x3c, 0x2f, 0x2d, 0x2a, 0xcf, 0x43, 0x5f, 0x9c, 0x90, 0xd6, 0x58, 0x25, 0xcd, 0x66, + 0x57, 0x12, 0xd2, 0xc2, 0x0c, 0x82, 0xde, 0x05, 0x23, 0x89, 0x13, 0x35, 0x48, 0x12, 0x91, 0x2d, + 0x8f, 0xd9, 0x2e, 0xd9, 0x79, 0xb6, 0x36, 0x7d, 0x8a, 0x6a, 0x5d, 0xab, 0x0c, 0x84, 0x25, 0x08, + 0x67, 0x71, 0xed, 0xff, 0x5e, 0x82, 0x87, 0xd3, 0x53, 0xa0, 0x05, 0xe3, 0x7b, 0x52, 0x82, 0xf1, + 0xed, 0xa6, 0x60, 0xbc, 0xbb, 0x3b, 0xfe, 0xd6, 0x2e, 0xd5, 0x7e, 0x60, 0xe4, 0x26, 0x9a, 0xcb, + 0x4c, 0xc2, 0x64, 0x7a, 0x12, 0xee, 0xee, 0x8e, 0x3f, 0xda, 0xe5, 0x1b, 0x33, 0xb3, 0xf4, 0x04, + 0xf4, 0x47, 0xc4, 0x89, 0xc3, 0x40, 0xcc, 0x93, 0x9a, 0x4d, 0xcc, 0x4a, 0xb1, 0x80, 0xda, 0xdf, + 0xaa, 0x65, 0x07, 0x7b, 0x8e, 0xdb, 0x63, 0xc3, 0x08, 0x79, 0xd0, 0xc7, 0x4e, 0x6d, 0x9c, 0xb3, + 0x5c, 0x3d, 0xdc, 0x2e, 0xa4, 0x52, 0x44, 0x35, 0x3d, 0x5d, 0xa5, 0xb3, 0x46, 0x8b, 0x30, 0x23, + 0x81, 0xb6, 0xa1, 0xea, 0xca, 0xc3, 0x54, 0xa9, 0x08, 0xb3, 0xa3, 0x38, 0x4a, 0x69, 0x8a, 0x43, + 0x94, 0xdd, 0xab, 0x13, 0x98, 0xa2, 0x86, 0x08, 0x94, 0x1b, 0x5e, 0x22, 0xa6, 0xf5, 0x90, 0xc7, + 0xe5, 0x39, 0xcf, 0xf8, 0xc4, 0x01, 0x2a, 0x83, 0xe6, 0xbc, 0x04, 0xd3, 0xf6, 0xd1, 0x27, 0x2d, + 0x18, 0x8c, 0xdd, 0xe6, 0x72, 0x14, 0x6e, 0x79, 0x75, 0x12, 0x09, 0x1d, 0xf3, 0x90, 0x9c, 0x6d, + 0x65, 0x66, 0x51, 0x36, 0xa8, 0xe9, 0x72, 0xf3, 0x85, 0x86, 0x60, 0x93, 0x2e, 0x3d, 0x7b, 0x3d, + 0x2c, 0xbe, 0x7d, 0x96, 0xb8, 0x6c, 0xc7, 0xc9, 0x33, 0x33, 0x5b, 0x29, 0x87, 0xd6, 0xb9, 0x67, + 0xdb, 0xee, 0x26, 0xdd, 0x6f, 0xba, 0x43, 0x6f, 0xbd, 0xb3, 0x3b, 0xfe, 0xf0, 0x4c, 0x3e, 0x4d, + 0xdc, 0xad, 0x33, 0x6c, 0xc0, 0x5a, 0x6d, 0xdf, 0xc7, 0xe4, 0xd5, 0x36, 0x61, 0x16, 0xb1, 0x02, + 0x06, 0x6c, 0x59, 0x37, 0x98, 0x19, 0x30, 0x03, 0x82, 0x4d, 0xba, 0xe8, 0x55, 0xe8, 0x6f, 0x3a, + 0x49, 0xe4, 0x6d, 0x0b, 0x33, 0xd8, 0x21, 0x4f, 0x41, 0x8b, 0xac, 0x2d, 0x4d, 0x9c, 0x09, 0x7a, + 0x5e, 0x88, 0x05, 0x21, 0xd4, 0x84, 0x4a, 0x93, 0x44, 0x0d, 0x32, 0x56, 0x2d, 0xc2, 0xe4, 0xbf, + 0x48, 0x9b, 0xd2, 0x04, 0x6b, 0x54, 0xb9, 0x62, 0x65, 0x98, 0x53, 0x41, 0x2f, 0x43, 0x35, 0x26, + 0x3e, 0x71, 0xa9, 0x7a, 0x54, 0x63, 0x14, 0x7f, 0xb2, 0x47, 0x55, 0x91, 0xea, 0x25, 0x2b, 0xa2, + 0x2a, 0xdf, 0x60, 0xf2, 0x1f, 0x56, 0x4d, 0xd2, 0x01, 0x6c, 0xf9, 0xed, 0x86, 0x17, 0x8c, 0x41, + 0x11, 0x03, 0xb8, 0xcc, 0xda, 0xca, 0x0c, 0x20, 0x2f, 0xc4, 0x82, 0x90, 0xfd, 0x5f, 0x2d, 0x40, + 0x69, 0xa6, 0x76, 0x0c, 0x3a, 0xf1, 0xab, 0x69, 0x9d, 0x78, 0xa1, 0x48, 0xa5, 0xa5, 0x8b, 0x5a, + 0xfc, 0x5b, 0x35, 0xc8, 0x88, 0x83, 0x6b, 0x24, 0x4e, 0x48, 0xfd, 0x4d, 0x16, 0xfe, 0x26, 0x0b, + 0x7f, 0x93, 0x85, 0x2b, 0x16, 0xbe, 0x96, 0x61, 0xe1, 0xef, 0x36, 0x76, 0xbd, 0xbe, 0x5f, 0x7f, + 0x45, 0x5d, 0xc0, 0x9b, 0x3d, 0x30, 0x10, 0x28, 0x27, 0xb8, 0xb2, 0xb2, 0x74, 0x2d, 0x97, 0x67, + 0xbf, 0x92, 0xe6, 0xd9, 0x87, 0x25, 0xf1, 0xff, 0x03, 0x97, 0xfe, 0x7d, 0x0b, 0xde, 0x96, 0xe6, + 0x5e, 0x72, 0xe5, 0xcc, 0x37, 0x82, 0x30, 0x22, 0xb3, 0xde, 0xfa, 0x3a, 0x89, 0x48, 0xe0, 0x92, + 0x58, 0xd9, 0x76, 0xac, 0x6e, 0xb6, 0x1d, 0xf4, 0x2c, 0x0c, 0xdd, 0x8a, 0xc3, 0x60, 0x39, 0xf4, + 0x02, 0xc1, 0x82, 0xe8, 0x89, 0xe3, 0xe4, 0x9d, 0xdd, 0xf1, 0x21, 0x3a, 0xa2, 0xb2, 0x1c, 0xa7, + 0xb0, 0xd0, 0x0c, 0x8c, 0xde, 0x7a, 0x75, 0xd9, 0x49, 0x0c, 0x6b, 0x82, 0x3c, 0xf7, 0xb3, 0xfb, + 0xa8, 0x2b, 0x2f, 0x66, 0x80, 0xb8, 0x13, 0xdf, 0xfe, 0xdb, 0x25, 0x38, 0x9b, 0xf9, 0x90, 0xd0, + 0xf7, 0xc3, 0x76, 0x42, 0xcf, 0x44, 0xe8, 0xcb, 0x16, 0x9c, 0x6c, 0xa6, 0x0d, 0x16, 0xb1, 0x30, + 0x77, 0xbf, 0xb7, 0x30, 0x19, 0x91, 0xb1, 0x88, 0x4c, 0x8f, 0x89, 0x11, 0x3a, 0x99, 0x01, 0xc4, + 0xb8, 0xa3, 0x2f, 0xe8, 0x65, 0xa8, 0x35, 0x9d, 0xed, 0xeb, 0xad, 0xba, 0x93, 0xc8, 0xe3, 0x68, + 0x77, 0x2b, 0x42, 0x3b, 0xf1, 0xfc, 0x09, 0xee, 0xb9, 0x31, 0x31, 0x1f, 0x24, 0x4b, 0xd1, 0x4a, + 0x12, 0x79, 0x41, 0x83, 0x1b, 0x39, 0x17, 0x65, 0x33, 0x58, 0xb7, 0x68, 0x7f, 0xc9, 0xca, 0x0a, + 0x29, 0x35, 0x3a, 0x91, 0x93, 0x90, 0xc6, 0x0e, 0xfa, 0x10, 0x54, 0xe8, 0xb9, 0x51, 0x8e, 0xca, + 0xcd, 0x22, 0x25, 0xa7, 0x31, 0x13, 0x5a, 0x88, 0xd2, 0x7f, 0x31, 0xe6, 0x44, 0xed, 0x2f, 0xd7, + 0xb2, 0xca, 0x02, 0xbb, 0x9b, 0xbf, 0x00, 0xd0, 0x08, 0x57, 0x49, 0xb3, 0xe5, 0xd3, 0x61, 0xb1, + 0xd8, 0x05, 0x8f, 0x32, 0x95, 0xcc, 0x29, 0x08, 0x36, 0xb0, 0xd0, 0x2f, 0x5b, 0x00, 0x0d, 0xb9, + 0xe6, 0xa5, 0x22, 0x70, 0xbd, 0xc8, 0xcf, 0xd1, 0x3b, 0x4a, 0xf7, 0x45, 0x11, 0xc4, 0x06, 0x71, + 0xf4, 0x0b, 0x16, 0x54, 0x13, 0xd9, 0x7d, 0x2e, 0x1a, 0x57, 0x8b, 0xec, 0x89, 0xfc, 0x68, 0xad, + 0x13, 0xa9, 0x21, 0x51, 0x74, 0xd1, 0x2f, 0x5a, 0x00, 0xf1, 0x4e, 0xe0, 0x2e, 0x87, 0xbe, 0xe7, + 0xee, 0x08, 0x89, 0x79, 0xa3, 0x50, 0x73, 0x8e, 0x6a, 0x7d, 0xfa, 0x04, 0x1d, 0x0d, 0xfd, 0x1f, + 0x1b, 0x94, 0xd1, 0x47, 0xa0, 0x1a, 0x8b, 0xe5, 0x26, 0x64, 0xe4, 0x6a, 0xb1, 0x46, 0x25, 0xde, + 0xb6, 0x60, 0xaf, 0xe2, 0x1f, 0x56, 0x34, 0xd1, 0xdf, 0xb4, 0x60, 0xa4, 0x95, 0x36, 0x13, 0x0a, + 0x71, 0x58, 0x1c, 0x0f, 0xc8, 0x98, 0x21, 0xb9, 0xb5, 0x25, 0x53, 0x88, 0xb3, 0xbd, 0xa0, 0x1c, + 0x50, 0xaf, 0xe0, 0xa5, 0x16, 0x37, 0x59, 0x0e, 0x68, 0x0e, 0x38, 0x97, 0x05, 0xe2, 0x4e, 0x7c, + 0xb4, 0x0c, 0xa7, 0x69, 0xef, 0x76, 0xb8, 0xfa, 0x29, 0xc5, 0x4b, 0xcc, 0x84, 0x61, 0x75, 0xfa, + 0x11, 0xb1, 0x42, 0xd8, 0x5d, 0x47, 0x16, 0x07, 0xe7, 0xd6, 0x44, 0x7f, 0x64, 0xc1, 0x23, 0x1e, + 0x13, 0x03, 0xa6, 0xc1, 0x5e, 0x4b, 0x04, 0x71, 0xd1, 0x4e, 0x0a, 0xe5, 0x15, 0xdd, 0xc4, 0xcf, + 0xf4, 0x8f, 0x8a, 0x2f, 0x78, 0x64, 0x7e, 0x8f, 0x2e, 0xe1, 0x3d, 0x3b, 0x8c, 0x7e, 0x0a, 0x86, + 0xe5, 0xbe, 0x58, 0xa6, 0x2c, 0x98, 0x09, 0xda, 0xda, 0xf4, 0xe8, 0x9d, 0xdd, 0xf1, 0xe1, 0x55, + 0x13, 0x80, 0xd3, 0x78, 0xf6, 0xbf, 0x29, 0xa7, 0x6e, 0x89, 0x94, 0x0d, 0x93, 0xb1, 0x1b, 0x57, + 0xda, 0x7f, 0x24, 0xf7, 0x2c, 0x94, 0xdd, 0x28, 0xeb, 0x92, 0x66, 0x37, 0xaa, 0x28, 0xc6, 0x06, + 0x71, 0xaa, 0x94, 0x8e, 0x3a, 0x59, 0x4b, 0xa9, 0xe0, 0x80, 0x2f, 0x17, 0xd9, 0xa5, 0xce, 0x3b, + 0xbd, 0xb3, 0xa2, 0x6b, 0xa3, 0x1d, 0x20, 0xdc, 0xd9, 0x25, 0xf4, 0x61, 0xa8, 0x45, 0xca, 0xb3, + 0xa5, 0x5c, 0xc4, 0x51, 0x4d, 0x2e, 0x1b, 0xd1, 0x1d, 0x75, 0x01, 0xa4, 0x7d, 0x58, 0x34, 0x45, + 0xfb, 0x0f, 0xd2, 0x17, 0x63, 0x06, 0xef, 0xe8, 0xe1, 0xd2, 0xef, 0x73, 0x16, 0x0c, 0x46, 0xa1, + 0xef, 0x7b, 0x41, 0x83, 0xf2, 0x39, 0x21, 0xac, 0xdf, 0x7f, 0x24, 0xf2, 0x52, 0x30, 0x34, 0xa6, + 0x59, 0x63, 0x4d, 0x13, 0x9b, 0x1d, 0xb0, 0xff, 0xcc, 0x82, 0xb1, 0x6e, 0xfc, 0x18, 0x11, 0x78, + 0xab, 0x64, 0x36, 0x6a, 0x28, 0x96, 0x82, 0x59, 0xe2, 0x13, 0x65, 0x36, 0xaf, 0x4e, 0x3f, 0x2e, + 0x3e, 0xf3, 0xad, 0xcb, 0xdd, 0x51, 0xf1, 0x5e, 0xed, 0xa0, 0x97, 0xe0, 0xa4, 0xf1, 0x5d, 0xb1, + 0x1a, 0x98, 0xda, 0xf4, 0x04, 0x55, 0x80, 0xa6, 0x32, 0xb0, 0xbb, 0xbb, 0xe3, 0x0f, 0x65, 0xcb, + 0x84, 0xc0, 0xe8, 0x68, 0xc7, 0xfe, 0x5a, 0x29, 0x3b, 0x5b, 0x4a, 0xd6, 0xbf, 0x61, 0x75, 0x58, + 0x13, 0xde, 0x7b, 0x14, 0xf2, 0x95, 0xd9, 0x1d, 0x94, 0x1b, 0x46, 0x77, 0x9c, 0xfb, 0x78, 0x6d, + 0x6f, 0xff, 0xdb, 0x3e, 0xd8, 0xa3, 0x67, 0x3d, 0x28, 0xef, 0x07, 0xbe, 0x47, 0xfd, 0x8c, 0xa5, + 0x2e, 0xcc, 0xf8, 0x1e, 0xae, 0x1f, 0xd5, 0xd8, 0xf3, 0xf3, 0x53, 0xcc, 0x5d, 0x47, 0x94, 0x15, + 0x3d, 0x7d, 0x35, 0x87, 0xbe, 0x62, 0xa5, 0xaf, 0xfc, 0xb8, 0x53, 0xa3, 0x77, 0x64, 0x7d, 0x32, + 0xee, 0x11, 0x79, 0xc7, 0xf4, 0xed, 0x53, 0xb7, 0x1b, 0xc6, 0x09, 0x80, 0x75, 0x2f, 0x70, 0x7c, + 0xef, 0x35, 0x7a, 0x3a, 0xaa, 0x30, 0x01, 0xcf, 0x34, 0xa6, 0x4b, 0xaa, 0x14, 0x1b, 0x18, 0xe7, + 0xfe, 0x2a, 0x0c, 0x1a, 0x5f, 0x9e, 0xe3, 0xf1, 0x72, 0xda, 0xf4, 0x78, 0xa9, 0x19, 0x8e, 0x2a, + 0xe7, 0xde, 0x0d, 0x27, 0xb3, 0x1d, 0x3c, 0x48, 0x7d, 0xfb, 0x7f, 0x0f, 0x64, 0xef, 0xe0, 0x56, + 0x49, 0xd4, 0xa4, 0x5d, 0x7b, 0xd3, 0xb0, 0xf5, 0xa6, 0x61, 0xeb, 0x4d, 0xc3, 0x96, 0x79, 0x37, + 0x21, 0x8c, 0x36, 0x03, 0xc7, 0x64, 0xb4, 0x49, 0x99, 0xa1, 0xaa, 0x85, 0x9b, 0xa1, 0xec, 0x4f, + 0x76, 0x58, 0xee, 0x57, 0x23, 0x42, 0x50, 0x08, 0x95, 0x20, 0xac, 0x13, 0xa9, 0xe3, 0x5e, 0x29, + 0x46, 0x61, 0xbb, 0x16, 0xd6, 0x0d, 0x77, 0x71, 0xfa, 0x2f, 0xc6, 0x9c, 0x8e, 0x7d, 0xa7, 0x02, + 0x29, 0x75, 0x92, 0xcf, 0xfb, 0x8f, 0xc3, 0x40, 0x44, 0x5a, 0xe1, 0x75, 0xbc, 0x20, 0x64, 0x99, + 0x8e, 0x28, 0xe1, 0xc5, 0x58, 0xc2, 0xa9, 0xcc, 0x6b, 0x39, 0xc9, 0x86, 0x10, 0x66, 0x4a, 0xe6, + 0x2d, 0x3b, 0xc9, 0x06, 0x66, 0x10, 0xf4, 0x6e, 0x38, 0x91, 0xa4, 0xae, 0xc2, 0xc5, 0x95, 0xef, + 0x43, 0x02, 0xf7, 0x44, 0xfa, 0xa2, 0x1c, 0x67, 0xb0, 0xd1, 0xab, 0xd0, 0xb7, 0x41, 0xfc, 0xa6, + 0x98, 0xfa, 0x95, 0xe2, 0x64, 0x0d, 0xfb, 0xd6, 0xcb, 0xc4, 0x6f, 0x72, 0x4e, 0x48, 0x7f, 0x61, + 0x46, 0x8a, 0xae, 0xfb, 0xda, 0x66, 0x3b, 0x4e, 0xc2, 0xa6, 0xf7, 0x9a, 0xb4, 0x74, 0xbe, 0xb7, + 0x60, 0xc2, 0x57, 0x65, 0xfb, 0xdc, 0xa4, 0xa4, 0xfe, 0x62, 0x4d, 0x99, 0xf5, 0xa3, 0xee, 0x45, + 0x6c, 0xc9, 0xec, 0x08, 0x83, 0x65, 0xd1, 0xfd, 0x98, 0x95, 0xed, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, + 0x53, 0x46, 0x3b, 0x6a, 0xff, 0x0d, 0xb2, 0x3e, 0x5c, 0x2f, 0xb8, 0x0f, 0x7c, 0xef, 0xe5, 0xee, + 0xc3, 0xc7, 0xa1, 0xe2, 0x6e, 0x38, 0x51, 0x32, 0x36, 0xc4, 0x16, 0x8d, 0x5a, 0xc5, 0x33, 0xb4, + 0x10, 0x73, 0x18, 0x7a, 0x14, 0xca, 0x11, 0x59, 0x67, 0xde, 0xc9, 0x86, 0x5f, 0x14, 0x26, 0xeb, + 0x98, 0x96, 0xdb, 0xbf, 0x56, 0x4a, 0xab, 0x6d, 0xe9, 0xef, 0xe6, 0xab, 0xdd, 0x6d, 0x47, 0xb1, + 0x34, 0x7f, 0x19, 0xab, 0x9d, 0x15, 0x63, 0x09, 0x47, 0x1f, 0xb3, 0x60, 0xe0, 0x56, 0x1c, 0x06, + 0x01, 0x49, 0x84, 0x88, 0xbc, 0x51, 0xf0, 0x50, 0x5c, 0xe1, 0xad, 0xeb, 0x3e, 0x88, 0x02, 0x2c, + 0xe9, 0xd2, 0xee, 0x92, 0x6d, 0xd7, 0x6f, 0xd7, 0x3b, 0x5c, 0x5d, 0x2e, 0xf2, 0x62, 0x2c, 0xe1, + 0x14, 0xd5, 0x0b, 0x38, 0x6a, 0x5f, 0x1a, 0x75, 0x3e, 0x10, 0xa8, 0x02, 0x6e, 0x7f, 0x63, 0x00, + 0xce, 0xe4, 0x6e, 0x0e, 0xaa, 0x50, 0x31, 0x95, 0xe5, 0x92, 0xe7, 0x13, 0xe9, 0xe4, 0xc5, 0x14, + 0xaa, 0x1b, 0xaa, 0x14, 0x1b, 0x18, 0xe8, 0xe7, 0x01, 0x5a, 0x4e, 0xe4, 0x34, 0x89, 0x32, 0x4f, + 0x1f, 0x5a, 0x6f, 0xa1, 0xfd, 0x58, 0x96, 0x6d, 0xea, 0x23, 0xba, 0x2a, 0x8a, 0xb1, 0x41, 0x12, + 0x3d, 0x07, 0x83, 0x11, 0xf1, 0x89, 0x13, 0x33, 0xe7, 0xf6, 0x6c, 0xa4, 0x0e, 0xd6, 0x20, 0x6c, + 0xe2, 0xa1, 0x27, 0x94, 0x3f, 0x5c, 0xc6, 0x2f, 0x28, 0xed, 0x13, 0x87, 0x5e, 0xb7, 0xe0, 0xc4, + 0xba, 0xe7, 0x13, 0x4d, 0x5d, 0xc4, 0xd5, 0x2c, 0x1d, 0xfe, 0x23, 0x2f, 0x99, 0xed, 0x6a, 0x0e, + 0x99, 0x2a, 0x8e, 0x71, 0x86, 0x3c, 0x9d, 0xe6, 0x2d, 0x12, 0x31, 0xd6, 0xda, 0x9f, 0x9e, 0xe6, + 0x1b, 0xbc, 0x18, 0x4b, 0x38, 0x9a, 0x82, 0x91, 0x96, 0x13, 0xc7, 0x33, 0x11, 0xa9, 0x93, 0x20, + 0xf1, 0x1c, 0x9f, 0x47, 0xbd, 0x54, 0xb5, 0xb3, 0xf8, 0x72, 0x1a, 0x8c, 0xb3, 0xf8, 0xe8, 0x7d, + 0xf0, 0x30, 0xb7, 0xff, 0x2c, 0x7a, 0x71, 0xec, 0x05, 0x0d, 0xbd, 0x0c, 0x84, 0x19, 0x6c, 0x5c, + 0x34, 0xf5, 0xf0, 0x7c, 0x3e, 0x1a, 0xee, 0x56, 0x1f, 0x3d, 0x05, 0xd5, 0x78, 0xd3, 0x6b, 0xcd, + 0x44, 0xf5, 0x98, 0xdd, 0xfd, 0x54, 0xb5, 0xd1, 0x75, 0x45, 0x94, 0x63, 0x85, 0x81, 0x5c, 0x18, + 0xe2, 0x53, 0xc2, 0x1d, 0xfa, 0x04, 0x7f, 0x7c, 0xba, 0xab, 0x98, 0x16, 0x41, 0x9c, 0x13, 0xd8, + 0xb9, 0x7d, 0x51, 0xde, 0x44, 0xf1, 0x8b, 0x93, 0x1b, 0x46, 0x33, 0x38, 0xd5, 0x68, 0xfa, 0xc4, + 0x36, 0xd8, 0xc3, 0x89, 0xed, 0x39, 0x18, 0xdc, 0x6c, 0xaf, 0x11, 0x31, 0xf2, 0x82, 0x6d, 0xa9, + 0xd5, 0x77, 0x55, 0x83, 0xb0, 0x89, 0xc7, 0x7c, 0x29, 0x5b, 0x9e, 0xf8, 0x17, 0x8f, 0x0d, 0x1b, + 0xbe, 0x94, 0xcb, 0xf3, 0xb2, 0x18, 0x9b, 0x38, 0xf6, 0xaf, 0x94, 0xd2, 0x46, 0x09, 0x93, 0x7f, + 0xa0, 0x98, 0x72, 0x89, 0xe4, 0x86, 0x13, 0x49, 0x5d, 0xe2, 0x90, 0x71, 0x43, 0xa2, 0xdd, 0x1b, + 0x4e, 0x64, 0xf2, 0x1b, 0x46, 0x00, 0x4b, 0x4a, 0xe8, 0x16, 0xf4, 0x25, 0xbe, 0x53, 0x50, 0xa0, + 0xa1, 0x41, 0x51, 0xdb, 0x88, 0x16, 0xa6, 0x62, 0xcc, 0x68, 0xa0, 0x47, 0xe8, 0xc1, 0x68, 0x4d, + 0x5e, 0x62, 0x89, 0xb3, 0xcc, 0x5a, 0x8c, 0x59, 0xa9, 0xfd, 0xb5, 0xa1, 0x1c, 0x96, 0xaf, 0x64, + 0x2c, 0xba, 0x00, 0x40, 0x67, 0x6c, 0x39, 0x22, 0xeb, 0xde, 0xb6, 0xd0, 0x71, 0x14, 0x5b, 0xb9, + 0xa6, 0x20, 0xd8, 0xc0, 0x92, 0x75, 0x56, 0xda, 0xeb, 0xb4, 0x4e, 0xa9, 0xb3, 0x0e, 0x87, 0x60, + 0x03, 0x0b, 0x3d, 0x0b, 0xfd, 0x5e, 0xd3, 0x69, 0x28, 0x1f, 0xdb, 0x47, 0x28, 0x3f, 0x99, 0x67, + 0x25, 0x77, 0x77, 0xc7, 0x4f, 0xa8, 0x0e, 0xb1, 0x22, 0x2c, 0x70, 0xd1, 0xd7, 0x2c, 0x18, 0x72, + 0xc3, 0x66, 0x33, 0x0c, 0xf8, 0xc9, 0x54, 0x1c, 0xb3, 0x6f, 0x1d, 0x95, 0x06, 0x32, 0x31, 0x63, + 0x10, 0xe3, 0xe7, 0x6c, 0x15, 0x11, 0x69, 0x82, 0x70, 0xaa, 0x57, 0x26, 0xdb, 0xa9, 0xec, 0xc3, + 0x76, 0x7e, 0xc3, 0x82, 0x51, 0x5e, 0xd7, 0x38, 0x30, 0x8b, 0xe0, 0xbf, 0xf0, 0x88, 0x3f, 0xab, + 0xc3, 0x86, 0xa0, 0xec, 0xa8, 0x1d, 0x70, 0xdc, 0xd9, 0x49, 0x34, 0x07, 0xa3, 0xeb, 0x61, 0xe4, + 0x12, 0x73, 0x20, 0x04, 0xcf, 0x54, 0x0d, 0x5d, 0xca, 0x22, 0xe0, 0xce, 0x3a, 0xe8, 0x06, 0x3c, + 0x64, 0x14, 0x9a, 0xe3, 0xc0, 0xd9, 0xe6, 0x63, 0xa2, 0xb5, 0x87, 0x2e, 0xe5, 0x62, 0xe1, 0x2e, + 0xb5, 0xa9, 0x7e, 0xcd, 0x20, 0x8a, 0x1b, 0x09, 0xd6, 0xa9, 0xa5, 0x47, 0x0a, 0x8a, 0x33, 0xd8, + 0x69, 0x0e, 0x07, 0x3d, 0x70, 0xb8, 0x57, 0xe0, 0xac, 0xdb, 0x39, 0xb2, 0x5b, 0x71, 0x7b, 0x8d, + 0x45, 0xbe, 0x51, 0xda, 0x3f, 0x22, 0x1a, 0x38, 0x3b, 0xd3, 0x0d, 0x11, 0x77, 0x6f, 0x03, 0x7d, + 0x08, 0xaa, 0x11, 0x61, 0xb3, 0xca, 0x43, 0xd8, 0x0e, 0x6d, 0x88, 0xd0, 0xca, 0x35, 0x6f, 0x56, + 0x8b, 0x15, 0x51, 0x10, 0x63, 0x45, 0x11, 0xdd, 0x86, 0x81, 0x96, 0x93, 0xb8, 0x1b, 0x84, 0x73, + 0xe1, 0x43, 0x9b, 0xcd, 0x15, 0x71, 0x76, 0xcb, 0x61, 0x44, 0xdc, 0x73, 0x22, 0x58, 0x52, 0xa3, + 0x8a, 0x96, 0x1b, 0x36, 0x5b, 0x61, 0x40, 0x64, 0xec, 0x9b, 0x50, 0xb4, 0x66, 0x54, 0x29, 0x36, + 0x30, 0xd0, 0x32, 0x9c, 0x66, 0x66, 0xb9, 0x9b, 0x5e, 0xb2, 0x11, 0xb6, 0x13, 0x79, 0xca, 0x1c, + 0x1b, 0x49, 0x5f, 0x46, 0x2d, 0xe4, 0xe0, 0xe0, 0xdc, 0x9a, 0x59, 0xd9, 0x75, 0xf2, 0xde, 0x64, + 0xd7, 0xe8, 0xfe, 0xb2, 0xeb, 0xdc, 0x7b, 0x60, 0xb4, 0x83, 0xe9, 0x1c, 0xc8, 0xf6, 0x36, 0x0b, + 0x0f, 0xe5, 0x6f, 0xef, 0x03, 0x59, 0xe0, 0xfe, 0x69, 0xc6, 0x05, 0xdb, 0x38, 0x8d, 0xf4, 0x60, + 0xcd, 0x75, 0xa0, 0x4c, 0x82, 0x2d, 0x21, 0xed, 0x2e, 0x1d, 0x6e, 0x95, 0x5c, 0x0c, 0xb6, 0x38, + 0x77, 0x62, 0x26, 0xab, 0x8b, 0xc1, 0x16, 0xa6, 0x6d, 0xa3, 0x2f, 0x58, 0x29, 0x6d, 0x9a, 0xdb, + 0x80, 0x3f, 0x70, 0x24, 0xc7, 0xaf, 0x9e, 0x15, 0x6c, 0xfb, 0x0f, 0x4b, 0x70, 0x7e, 0xbf, 0x46, + 0x7a, 0x18, 0xbe, 0xc7, 0xa1, 0x3f, 0x66, 0x4e, 0x15, 0x42, 0x7c, 0x0c, 0xd2, 0x5d, 0xc1, 0xdd, + 0x2c, 0x5e, 0xc1, 0x02, 0x84, 0x7c, 0x28, 0x37, 0x9d, 0x96, 0x30, 0x0d, 0xce, 0x1f, 0x36, 0x54, + 0x8d, 0xfe, 0x77, 0xfc, 0x45, 0xa7, 0xc5, 0x97, 0xa7, 0x51, 0x80, 0x29, 0x19, 0x94, 0x40, 0xc5, + 0x89, 0x22, 0x47, 0xde, 0xe0, 0x5f, 0x2d, 0x86, 0xde, 0x14, 0x6d, 0x92, 0x5f, 0x80, 0xa6, 0x8a, + 0x30, 0x27, 0x66, 0x7f, 0x66, 0x20, 0x15, 0xd7, 0xc4, 0xdc, 0x32, 0x62, 0xe8, 0x17, 0x16, 0x41, + 0xab, 0xe8, 0x08, 0x41, 0x1e, 0x38, 0xcc, 0x0e, 0xdb, 0x22, 0xfd, 0x82, 0x20, 0x85, 0x3e, 0x6d, + 0xb1, 0x24, 0x07, 0x32, 0x58, 0x4c, 0x1c, 0x71, 0x8f, 0x26, 0xe7, 0x82, 0x99, 0x3a, 0x41, 0x16, + 0x62, 0x93, 0xba, 0x48, 0x56, 0xc2, 0x54, 0xfb, 0xce, 0x64, 0x25, 0x4c, 0x55, 0x97, 0x70, 0xb4, + 0x9d, 0xe3, 0x7e, 0x51, 0x40, 0xa0, 0x7c, 0x0f, 0x0e, 0x17, 0x5f, 0xb1, 0x60, 0xd4, 0xcb, 0xde, + 0xa3, 0x8b, 0x03, 0xe1, 0xcd, 0x62, 0xcc, 0x77, 0x9d, 0xd7, 0xf4, 0x4a, 0xf1, 0xe8, 0x00, 0xe1, + 0xce, 0xce, 0xa0, 0x3a, 0xf4, 0x79, 0xc1, 0x7a, 0x28, 0xd4, 0xad, 0xe9, 0xc3, 0x75, 0x6a, 0x3e, + 0x58, 0x0f, 0xf5, 0x6e, 0xa6, 0xff, 0x30, 0x6b, 0x1d, 0x2d, 0xc0, 0x69, 0x19, 0xda, 0x72, 0xd9, + 0x8b, 0x93, 0x30, 0xda, 0x59, 0xf0, 0x9a, 0x5e, 0xc2, 0x54, 0xa5, 0xf2, 0xf4, 0x18, 0x95, 0x44, + 0x38, 0x07, 0x8e, 0x73, 0x6b, 0xa1, 0xd7, 0x60, 0x40, 0xde, 0x5d, 0x57, 0x8b, 0x38, 0x5c, 0x77, + 0xae, 0x7f, 0xb5, 0x98, 0x56, 0xc4, 0xe5, 0xb5, 0x24, 0x68, 0xbf, 0x3e, 0x08, 0x9d, 0x57, 0xec, + 0xe9, 0xfb, 0x74, 0xeb, 0xb8, 0xef, 0xd3, 0xe9, 0xd1, 0x2a, 0xd6, 0x57, 0xe1, 0x05, 0xac, 0x6d, + 0x41, 0x55, 0x5f, 0x73, 0xee, 0x04, 0x2e, 0x66, 0x34, 0x50, 0x04, 0xfd, 0x1b, 0xc4, 0xf1, 0x93, + 0x8d, 0x62, 0x6e, 0x64, 0x2e, 0xb3, 0xb6, 0xb2, 0xf1, 0x68, 0xbc, 0x14, 0x0b, 0x4a, 0x68, 0x1b, + 0x06, 0x36, 0xf8, 0x02, 0x10, 0xa7, 0x9d, 0xc5, 0xc3, 0x0e, 0x6e, 0x6a, 0x55, 0xe9, 0xe9, 0x16, + 0x05, 0x58, 0x92, 0x63, 0xbe, 0x5b, 0x86, 0x77, 0x09, 0xdf, 0xba, 0xc5, 0x85, 0xe2, 0xf5, 0xee, + 0x5a, 0xf2, 0x41, 0x18, 0x8a, 0x88, 0x1b, 0x06, 0xae, 0xe7, 0x93, 0xfa, 0x94, 0xbc, 0x6d, 0x39, + 0x48, 0x04, 0x16, 0x33, 0x66, 0x60, 0xa3, 0x0d, 0x9c, 0x6a, 0x11, 0x7d, 0xca, 0x82, 0x13, 0x2a, + 0x2a, 0x9b, 0x4e, 0x08, 0x11, 0x56, 0xf5, 0x85, 0x82, 0x62, 0xc0, 0x59, 0x9b, 0xd3, 0x88, 0x9e, + 0x3a, 0xd2, 0x65, 0x38, 0x43, 0x17, 0xbd, 0x04, 0x10, 0xae, 0x71, 0x07, 0xad, 0xa9, 0x44, 0x98, + 0xd8, 0x0f, 0xf2, 0xa9, 0x27, 0x78, 0x24, 0xa7, 0x6c, 0x01, 0x1b, 0xad, 0xa1, 0xab, 0x00, 0x7c, + 0xdb, 0xac, 0xee, 0xb4, 0xf8, 0x69, 0x48, 0x87, 0xd0, 0xc1, 0x8a, 0x82, 0xdc, 0xdd, 0x1d, 0xef, + 0x34, 0x79, 0x32, 0x2f, 0x14, 0xa3, 0x3a, 0xfa, 0x39, 0x18, 0x88, 0xdb, 0xcd, 0xa6, 0xa3, 0x0c, + 0xf0, 0x05, 0xc6, 0x86, 0xf2, 0x76, 0x0d, 0x56, 0xc4, 0x0b, 0xb0, 0xa4, 0x88, 0x6e, 0x51, 0xa6, + 0x1a, 0x0b, 0x5b, 0x2c, 0xdb, 0x45, 0x5c, 0x27, 0xe0, 0x86, 0xa8, 0x77, 0x48, 0x15, 0x1f, 0xe7, + 0xe0, 0xdc, 0xdd, 0x1d, 0x7f, 0x28, 0x5d, 0xbe, 0x10, 0x8a, 0x68, 0xcd, 0xdc, 0x36, 0xd1, 0x15, + 0x99, 0xa4, 0x89, 0x7e, 0xb6, 0xcc, 0x1d, 0xf2, 0xa4, 0x4e, 0xd2, 0xc4, 0x8a, 0xbb, 0x8f, 0x99, + 0x59, 0x19, 0x2d, 0xc2, 0x29, 0x37, 0x0c, 0x92, 0x28, 0xf4, 0x7d, 0x9e, 0xa4, 0x8c, 0x9f, 0x2e, + 0xb9, 0x81, 0xfe, 0xad, 0xa2, 0xdb, 0xa7, 0x66, 0x3a, 0x51, 0x70, 0x5e, 0x3d, 0x3b, 0x48, 0x5f, + 0x96, 0x89, 0xc1, 0x79, 0x16, 0x86, 0xc8, 0x76, 0x42, 0xa2, 0xc0, 0xf1, 0xaf, 0xe3, 0x05, 0x69, + 0x9a, 0x66, 0x7b, 0xe0, 0xa2, 0x51, 0x8e, 0x53, 0x58, 0xc8, 0x56, 0x26, 0x19, 0x23, 0x02, 0x99, + 0x9b, 0x64, 0xa4, 0x01, 0xc6, 0xfe, 0x46, 0x39, 0xa5, 0x90, 0xdd, 0x97, 0xab, 0x39, 0x96, 0xea, + 0x46, 0xe6, 0x04, 0x62, 0x00, 0x71, 0xd0, 0x28, 0x92, 0xb2, 0x4a, 0x75, 0xb3, 0x64, 0x12, 0xc2, + 0x69, 0xba, 0x68, 0x13, 0x2a, 0x1b, 0x61, 0x9c, 0xc8, 0xe3, 0xc7, 0x21, 0x4f, 0x3a, 0x97, 0xc3, + 0x38, 0x61, 0x5a, 0x84, 0xfa, 0x6c, 0x5a, 0x12, 0x63, 0x4e, 0x83, 0x9e, 0x41, 0xe3, 0x0d, 0x27, + 0xaa, 0xc7, 0x33, 0x2c, 0x5f, 0x40, 0x1f, 0x53, 0x1f, 0x94, 0xb2, 0xb8, 0xa2, 0x41, 0xd8, 0xc4, + 0xb3, 0xff, 0xdc, 0x4a, 0xdd, 0x5f, 0xdc, 0x64, 0xce, 0xdf, 0x5b, 0x24, 0xa0, 0xdc, 0xc0, 0x74, + 0x37, 0xfb, 0xa9, 0x4c, 0x28, 0xed, 0xdb, 0xba, 0xa5, 0xee, 0xbb, 0x4d, 0x5b, 0x98, 0x60, 0x4d, + 0x18, 0x9e, 0x69, 0x1f, 0xb5, 0xd2, 0x31, 0xd1, 0xa5, 0x22, 0xce, 0x25, 0x66, 0x5e, 0x80, 0x7d, + 0xc3, 0xab, 0xed, 0x2f, 0x58, 0x30, 0x30, 0xed, 0xb8, 0x9b, 0xe1, 0xfa, 0x3a, 0x7a, 0x0a, 0xaa, + 0xf5, 0x76, 0x64, 0x86, 0x67, 0x2b, 0xcb, 0xc6, 0xac, 0x28, 0xc7, 0x0a, 0x83, 0x2e, 0xfd, 0x75, + 0xc7, 0x95, 0xd9, 0x01, 0xca, 0x7c, 0xe9, 0x5f, 0x62, 0x25, 0x58, 0x40, 0xe8, 0xf0, 0x37, 0x9d, + 0x6d, 0x59, 0x39, 0x7b, 0x79, 0xb2, 0xa8, 0x41, 0xd8, 0xc4, 0xb3, 0xff, 0x95, 0x05, 0x63, 0xd3, + 0x4e, 0xec, 0xb9, 0x53, 0xed, 0x64, 0x63, 0xda, 0x4b, 0xd6, 0xda, 0xee, 0x26, 0x49, 0x78, 0x16, + 0x09, 0xda, 0xcb, 0x76, 0x4c, 0x77, 0xa0, 0x3a, 0x0e, 0xaa, 0x5e, 0x5e, 0x17, 0xe5, 0x58, 0x61, + 0xa0, 0xd7, 0x60, 0xb0, 0xe5, 0xc4, 0xf1, 0xed, 0x30, 0xaa, 0x63, 0xb2, 0x5e, 0x4c, 0x9e, 0x99, + 0x15, 0xe2, 0x46, 0x24, 0xc1, 0x64, 0x5d, 0x38, 0x1a, 0xe8, 0xf6, 0xb1, 0x49, 0xcc, 0xfe, 0x65, + 0x0b, 0x4e, 0x4f, 0x13, 0x27, 0x22, 0x11, 0x4b, 0x4b, 0xa3, 0x3e, 0x04, 0xbd, 0x0a, 0xd5, 0x84, + 0x96, 0xd0, 0x1e, 0x59, 0xc5, 0xf6, 0x88, 0xb9, 0x08, 0xac, 0x8a, 0xc6, 0xb1, 0x22, 0x63, 0x7f, + 0xce, 0x82, 0xb3, 0x79, 0x7d, 0x99, 0xf1, 0xc3, 0x76, 0xfd, 0x7e, 0x74, 0xe8, 0x6f, 0x59, 0x30, + 0xc4, 0xae, 0x5d, 0x67, 0x49, 0xe2, 0x78, 0x7e, 0x47, 0x4a, 0x3c, 0xab, 0xc7, 0x94, 0x78, 0xe7, + 0xa1, 0x6f, 0x23, 0x6c, 0x92, 0xac, 0xcb, 0xc0, 0xe5, 0xb0, 0x49, 0x30, 0x83, 0xa0, 0x67, 0xe8, + 0x22, 0xf4, 0x82, 0xc4, 0xa1, 0xdb, 0x51, 0xda, 0xce, 0x47, 0xf8, 0x02, 0x54, 0xc5, 0xd8, 0xc4, + 0xb1, 0xff, 0x65, 0x0d, 0x06, 0x84, 0x7f, 0x4b, 0xcf, 0x59, 0x4d, 0xa4, 0x89, 0xa2, 0xd4, 0xd5, + 0x44, 0x11, 0x43, 0xbf, 0xcb, 0x72, 0x73, 0x0a, 0x4d, 0xf8, 0x6a, 0x21, 0x0e, 0x51, 0x3c, 0xdd, + 0xa7, 0xee, 0x16, 0xff, 0x8f, 0x05, 0x29, 0xf4, 0x79, 0x0b, 0x46, 0xdc, 0x30, 0x08, 0x88, 0xab, + 0xd5, 0xb4, 0xbe, 0x22, 0xfc, 0x5e, 0x66, 0xd2, 0x8d, 0xea, 0x3b, 0xbf, 0x0c, 0x00, 0x67, 0xc9, + 0xa3, 0x17, 0x60, 0x98, 0x8f, 0xd9, 0x8d, 0x94, 0xc1, 0x5f, 0x67, 0x4a, 0x33, 0x81, 0x38, 0x8d, + 0x8b, 0x26, 0xf8, 0xc5, 0x89, 0xc8, 0x49, 0xd6, 0xaf, 0xed, 0x9a, 0x46, 0x36, 0x32, 0x03, 0x03, + 0x45, 0x80, 0x22, 0xb2, 0x1e, 0x91, 0x78, 0x43, 0xf8, 0xff, 0x30, 0x15, 0x71, 0xe0, 0xde, 0xf2, + 0x11, 0xe0, 0x8e, 0x96, 0x70, 0x4e, 0xeb, 0x68, 0x53, 0x9c, 0x91, 0xab, 0x45, 0xf0, 0x73, 0x31, + 0xcd, 0x5d, 0x8f, 0xca, 0xe3, 0x50, 0x61, 0xa2, 0x8b, 0xa9, 0xa6, 0x65, 0x1e, 0x03, 0xc7, 0x04, + 0x1b, 0xe6, 0xe5, 0x68, 0x16, 0x4e, 0x66, 0xf2, 0xbc, 0xc5, 0x4c, 0xf9, 0xac, 0xea, 0x78, 0xa7, + 0x4c, 0x86, 0xb8, 0x18, 0x77, 0xd4, 0x30, 0xed, 0x27, 0x83, 0xfb, 0xd8, 0x4f, 0x76, 0x94, 0x97, + 0x29, 0xb7, 0xb7, 0xbf, 0x58, 0xc8, 0x00, 0xf4, 0xe4, 0x52, 0xfa, 0xd9, 0x8c, 0x4b, 0x29, 0xb7, + 0xb9, 0xdf, 0x28, 0xa6, 0x03, 0x07, 0xf7, 0x1f, 0xbd, 0x9f, 0xfe, 0xa0, 0xff, 0xcb, 0x02, 0x39, + 0xaf, 0x33, 0x8e, 0xbb, 0x41, 0xe8, 0x92, 0x41, 0xef, 0x86, 0x13, 0xca, 0x0a, 0xc0, 0x55, 0x22, + 0x8b, 0xad, 0x1a, 0x75, 0xbd, 0x83, 0x53, 0x50, 0x9c, 0xc1, 0x46, 0x93, 0x50, 0xa3, 0xe3, 0xc4, + 0xab, 0x72, 0xb9, 0xaf, 0x2c, 0x0d, 0x53, 0xcb, 0xf3, 0xa2, 0x96, 0xc6, 0x41, 0x21, 0x8c, 0xfa, + 0x4e, 0x9c, 0xb0, 0x1e, 0xac, 0xec, 0x04, 0xee, 0x3d, 0x66, 0x03, 0x61, 0x41, 0x35, 0x0b, 0xd9, + 0x86, 0x70, 0x67, 0xdb, 0xf6, 0xbf, 0xab, 0xc0, 0x70, 0x8a, 0x33, 0x1e, 0x50, 0x61, 0x78, 0x0a, + 0xaa, 0x52, 0x86, 0x67, 0xd3, 0x1e, 0x29, 0x41, 0xaf, 0x30, 0xa8, 0xd0, 0x5a, 0xd3, 0x52, 0x35, + 0xab, 0xe0, 0x18, 0x02, 0x17, 0x9b, 0x78, 0x8c, 0x29, 0x27, 0x7e, 0x3c, 0xe3, 0x7b, 0x24, 0x48, + 0x78, 0x37, 0x8b, 0x61, 0xca, 0xab, 0x0b, 0x2b, 0x66, 0xa3, 0x9a, 0x29, 0x67, 0x00, 0x38, 0x4b, + 0x1e, 0x7d, 0xc2, 0x82, 0x61, 0xe7, 0x76, 0xac, 0x13, 0x48, 0x0b, 0xe7, 0xd1, 0x43, 0x0a, 0xa9, + 0x54, 0x4e, 0x6a, 0x6e, 0xb5, 0x4e, 0x15, 0xe1, 0x34, 0x51, 0xf4, 0x86, 0x05, 0x88, 0x6c, 0x13, + 0x57, 0xba, 0xb7, 0x8a, 0xbe, 0xf4, 0x17, 0x71, 0x58, 0xbe, 0xd8, 0xd1, 0x2e, 0xe7, 0xea, 0x9d, + 0xe5, 0x38, 0xa7, 0x0f, 0xe8, 0x0a, 0xa0, 0xba, 0x17, 0x3b, 0x6b, 0x3e, 0x99, 0x09, 0x9b, 0x32, + 0x10, 0x54, 0x5c, 0xde, 0x9e, 0x13, 0xe3, 0x8c, 0x66, 0x3b, 0x30, 0x70, 0x4e, 0x2d, 0xb6, 0xca, + 0xa2, 0x70, 0x7b, 0xe7, 0x7a, 0xe4, 0x33, 0x29, 0x61, 0xae, 0x32, 0x51, 0x8e, 0x15, 0x86, 0xfd, + 0x9b, 0x65, 0xb5, 0x95, 0xb5, 0x2f, 0xb7, 0x63, 0xf8, 0x94, 0x5a, 0xf7, 0xee, 0x53, 0xaa, 0x7d, + 0x62, 0x3a, 0xc3, 0x9b, 0x53, 0xd1, 0x90, 0xa5, 0xfb, 0x14, 0x0d, 0xf9, 0x0b, 0x56, 0x2a, 0xb5, + 0xd8, 0xe0, 0x85, 0x97, 0x8a, 0xf5, 0x23, 0x9f, 0xe0, 0xfe, 0x3a, 0x19, 0xb9, 0x92, 0x76, 0xd3, + 0xa2, 0x7c, 0xdc, 0x40, 0x3b, 0x10, 0x1f, 0xfe, 0x0f, 0x65, 0x18, 0x34, 0x64, 0x78, 0xae, 0x42, + 0x66, 0x3d, 0x60, 0x0a, 0x59, 0xe9, 0x00, 0x0a, 0xd9, 0xcf, 0x43, 0xcd, 0x95, 0xf2, 0xa5, 0x98, + 0xe4, 0xe7, 0x59, 0xa9, 0xa5, 0x45, 0x8c, 0x2a, 0xc2, 0x9a, 0x26, 0x9a, 0x4b, 0xc5, 0xd0, 0xa5, + 0x4e, 0xfa, 0x79, 0x41, 0x6e, 0x42, 0x46, 0x75, 0xd6, 0xc9, 0xde, 0x3c, 0x57, 0x7a, 0xf0, 0x9a, + 0xfa, 0x8e, 0xa5, 0x26, 0xf7, 0x18, 0x92, 0xa5, 0xdc, 0x4a, 0x27, 0x4b, 0xb9, 0x58, 0xc8, 0x30, + 0x77, 0xc9, 0x92, 0x72, 0x0d, 0x06, 0x66, 0xc2, 0x66, 0xd3, 0x09, 0xea, 0xe8, 0xc7, 0x60, 0xc0, + 0xe5, 0x3f, 0x85, 0x55, 0x8c, 0xdd, 0xad, 0x0a, 0x28, 0x96, 0x30, 0xf4, 0x08, 0xf4, 0x39, 0x51, + 0x43, 0x5a, 0xc2, 0x98, 0x0f, 0xd5, 0x54, 0xd4, 0x88, 0x31, 0x2b, 0xb5, 0xff, 0x49, 0x1f, 0x30, + 0xd7, 0x03, 0x27, 0x22, 0xf5, 0xd5, 0x90, 0xe5, 0x2c, 0x3d, 0xd2, 0x1b, 0x49, 0x7d, 0x4c, 0x7b, + 0x90, 0x6f, 0x25, 0x8d, 0x9b, 0xa9, 0xf2, 0x31, 0xdf, 0x4c, 0x75, 0xb9, 0x6c, 0xec, 0x7b, 0x80, + 0x2e, 0x1b, 0xed, 0xcf, 0x58, 0x80, 0x94, 0xbf, 0x8a, 0xf6, 0x06, 0x98, 0x84, 0x9a, 0xf2, 0x5c, + 0x11, 0x2a, 0x9d, 0x66, 0x11, 0x12, 0x80, 0x35, 0x4e, 0x0f, 0x67, 0xf3, 0xc7, 0x25, 0xff, 0x2e, + 0xa7, 0x3d, 0xc3, 0x19, 0xd7, 0x17, 0xec, 0xdc, 0xfe, 0xdd, 0x12, 0x3c, 0xc4, 0x95, 0x81, 0x45, + 0x27, 0x70, 0x1a, 0xa4, 0x49, 0x7b, 0xd5, 0xab, 0x7f, 0x87, 0x4b, 0x0f, 0x85, 0x9e, 0xf4, 0xf4, + 0x3e, 0xec, 0xde, 0xe5, 0x7b, 0x8e, 0xef, 0xb2, 0xf9, 0xc0, 0x4b, 0x30, 0x6b, 0x1c, 0xc5, 0x50, + 0x95, 0x2f, 0x83, 0x08, 0x5e, 0x5c, 0x10, 0x21, 0xc5, 0x96, 0x84, 0xdc, 0x24, 0x58, 0x11, 0xa2, + 0xca, 0x8c, 0x1f, 0xba, 0x9b, 0x98, 0xb4, 0x42, 0xc6, 0x77, 0x0d, 0x47, 0xdb, 0x05, 0x51, 0x8e, + 0x15, 0x86, 0xdd, 0x84, 0x11, 0x39, 0x86, 0xad, 0xab, 0x64, 0x07, 0x93, 0x75, 0x2a, 0x7f, 0x5c, + 0x59, 0x64, 0x3c, 0x56, 0xa2, 0xe4, 0xcf, 0x8c, 0x09, 0xc4, 0x69, 0x5c, 0x99, 0xc6, 0xb4, 0x94, + 0x9f, 0xc6, 0xd4, 0xfe, 0x5d, 0x0b, 0xb2, 0x02, 0xd0, 0x48, 0xda, 0x68, 0xed, 0x99, 0xb4, 0xf1, + 0x00, 0x69, 0x0f, 0x7f, 0x16, 0x06, 0x9d, 0x84, 0xea, 0x2c, 0xdc, 0xbe, 0x50, 0xbe, 0xb7, 0x2b, + 0xa8, 0xc5, 0xb0, 0xee, 0xad, 0x7b, 0xcc, 0xae, 0x60, 0x36, 0x67, 0xff, 0x65, 0x1f, 0x8c, 0x76, + 0x84, 0x61, 0xa1, 0xe7, 0x61, 0x48, 0x0d, 0x85, 0xb4, 0xdc, 0xd5, 0x4c, 0x67, 0x4b, 0x0d, 0xc3, + 0x29, 0xcc, 0x1e, 0xf6, 0xc3, 0x3c, 0x9c, 0x8a, 0xc8, 0xab, 0x6d, 0xd2, 0x26, 0x53, 0xeb, 0x09, + 0x89, 0x56, 0x88, 0x1b, 0x06, 0x75, 0x9e, 0x5a, 0xb4, 0x3c, 0xfd, 0xf0, 0x9d, 0xdd, 0xf1, 0x53, + 0xb8, 0x13, 0x8c, 0xf3, 0xea, 0xa0, 0x16, 0x0c, 0xfb, 0xa6, 0xca, 0x29, 0x4e, 0x3a, 0xf7, 0xa4, + 0xad, 0xaa, 0x25, 0x91, 0x2a, 0xc6, 0x69, 0x02, 0x69, 0xbd, 0xb5, 0x72, 0x9f, 0xf4, 0xd6, 0x8f, + 0x6b, 0xbd, 0x95, 0xfb, 0x4a, 0xbc, 0xbf, 0xe0, 0x30, 0xbc, 0xa3, 0x56, 0x5c, 0x5f, 0x84, 0xaa, + 0xf4, 0x23, 0xeb, 0xc9, 0xff, 0xca, 0x6c, 0xa7, 0x0b, 0x03, 0x7d, 0x02, 0x7e, 0xf4, 0x62, 0x14, + 0x19, 0x83, 0x79, 0x2d, 0x4c, 0xa6, 0x7c, 0x3f, 0xbc, 0x4d, 0x75, 0x82, 0xeb, 0x31, 0x11, 0xa6, + 0x24, 0xfb, 0x6e, 0x09, 0x72, 0x4e, 0x65, 0x74, 0x3f, 0x6a, 0x45, 0x24, 0xb5, 0x1f, 0x0f, 0xa6, + 0x8c, 0xa0, 0x6d, 0xee, 0x6b, 0xc7, 0x45, 0xee, 0xfb, 0x8a, 0x3e, 0x55, 0x6a, 0xf7, 0x3b, 0xc5, + 0x8e, 0x94, 0x0b, 0xde, 0x05, 0x00, 0xad, 0x3f, 0x8a, 0xd8, 0x10, 0x75, 0x95, 0xaf, 0xd5, 0x4c, + 0x6c, 0x60, 0xa1, 0xe7, 0x60, 0xd0, 0x0b, 0xe2, 0xc4, 0xf1, 0xfd, 0xcb, 0x5e, 0x90, 0x08, 0x6b, + 0xa9, 0xd2, 0x2d, 0xe6, 0x35, 0x08, 0x9b, 0x78, 0xe7, 0xde, 0x61, 0xcc, 0xdf, 0x41, 0xe6, 0x7d, + 0x03, 0xce, 0xce, 0x79, 0x89, 0x8a, 0x68, 0x52, 0xeb, 0x8d, 0xaa, 0x87, 0x2a, 0x42, 0xcf, 0xea, + 0x1a, 0xa1, 0x67, 0x44, 0x14, 0x95, 0xd2, 0x01, 0x50, 0xd9, 0x88, 0x22, 0xfb, 0x79, 0x38, 0x3d, + 0xe7, 0x25, 0x97, 0x3c, 0x9f, 0x1c, 0x90, 0x88, 0xfd, 0x3b, 0xfd, 0x30, 0x64, 0xc6, 0xe6, 0x1e, + 0x24, 0xc8, 0xf0, 0x73, 0x54, 0x03, 0x14, 0x5f, 0xe7, 0xa9, 0x8b, 0xd0, 0x9b, 0x87, 0x0e, 0x14, + 0xce, 0x1f, 0x31, 0x43, 0x09, 0xd4, 0x34, 0xb1, 0xd9, 0x01, 0x74, 0x1b, 0x2a, 0xeb, 0x2c, 0xe2, + 0xa5, 0x5c, 0x84, 0xb7, 0x48, 0xde, 0x88, 0xea, 0xed, 0xc8, 0x63, 0x66, 0x38, 0x3d, 0x2a, 0xb8, + 0xa3, 0x74, 0x18, 0xa5, 0xe1, 0xca, 0x2c, 0x02, 0x28, 0x15, 0x46, 0x37, 0x91, 0x50, 0xb9, 0x07, + 0x91, 0x90, 0x62, 0xd0, 0xfd, 0xf7, 0x89, 0x41, 0xb3, 0xe8, 0xa5, 0x64, 0x83, 0xa9, 0x95, 0x22, + 0x76, 0x63, 0x80, 0x0d, 0x82, 0x11, 0xbd, 0x94, 0x02, 0xe3, 0x2c, 0x3e, 0xfa, 0x88, 0x62, 0xf1, + 0xd5, 0x22, 0x0c, 0xcd, 0xe6, 0x8a, 0x3e, 0x6a, 0xee, 0xfe, 0x99, 0x12, 0x9c, 0x98, 0x0b, 0xda, + 0xcb, 0x73, 0xcb, 0xed, 0x35, 0xdf, 0x73, 0xaf, 0x92, 0x1d, 0xca, 0xc2, 0x37, 0xc9, 0xce, 0xfc, + 0xac, 0xd8, 0x41, 0x6a, 0xcd, 0x5c, 0xa5, 0x85, 0x98, 0xc3, 0x28, 0x33, 0x5a, 0xf7, 0x82, 0x06, + 0x89, 0x5a, 0x91, 0x27, 0x6c, 0xc0, 0x06, 0x33, 0xba, 0xa4, 0x41, 0xd8, 0xc4, 0xa3, 0x6d, 0x87, + 0xb7, 0x03, 0x12, 0x65, 0xf5, 0xeb, 0x25, 0x5a, 0x88, 0x39, 0x8c, 0x22, 0x25, 0x51, 0x3b, 0x4e, + 0xc4, 0x62, 0x54, 0x48, 0xab, 0xb4, 0x10, 0x73, 0x18, 0xdd, 0xe9, 0x71, 0x7b, 0x8d, 0x39, 0xe3, + 0x64, 0x02, 0x45, 0x56, 0x78, 0x31, 0x96, 0x70, 0x8a, 0xba, 0x49, 0x76, 0x66, 0xe9, 0x61, 0x3c, + 0x13, 0xca, 0x76, 0x95, 0x17, 0x63, 0x09, 0x67, 0xc9, 0x4f, 0xd3, 0xc3, 0xf1, 0x03, 0x97, 0xfc, + 0x34, 0xdd, 0xfd, 0x2e, 0xc7, 0xfa, 0x5f, 0xb7, 0x60, 0xc8, 0x74, 0xa1, 0x43, 0x8d, 0x8c, 0x2e, + 0xbc, 0xd4, 0x91, 0x3b, 0xfb, 0x5d, 0x79, 0xef, 0x4a, 0x36, 0xbc, 0x24, 0x6c, 0xc5, 0x4f, 0x93, + 0xa0, 0xe1, 0x05, 0x84, 0xb9, 0x38, 0x70, 0xd7, 0xbb, 0x94, 0x7f, 0xde, 0x4c, 0x58, 0x27, 0xf7, + 0xa0, 0x4c, 0xdb, 0x37, 0x61, 0xb4, 0x23, 0x7e, 0xb1, 0x07, 0x15, 0x64, 0xdf, 0xe8, 0x71, 0x1b, + 0xc3, 0x20, 0x6d, 0x58, 0x26, 0xe0, 0x9a, 0x81, 0x51, 0xbe, 0x91, 0x28, 0xa5, 0x15, 0x77, 0x83, + 0x34, 0x55, 0x4c, 0x2a, 0xbb, 0x70, 0xb8, 0x91, 0x05, 0xe2, 0x4e, 0x7c, 0xfb, 0xb3, 0x16, 0x0c, + 0xa7, 0x42, 0x4a, 0x0b, 0x52, 0x96, 0xd8, 0x4e, 0x0b, 0x99, 0x47, 0x27, 0x73, 0x6b, 0x2f, 0x33, + 0x61, 0xaa, 0x77, 0x9a, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0x42, 0x09, 0xaa, 0xd2, 0x2b, 0xa6, 0x87, + 0xae, 0x7c, 0xda, 0x82, 0x61, 0x75, 0xc9, 0xc3, 0x6c, 0x78, 0xa5, 0x22, 0x82, 0x64, 0x68, 0x0f, + 0x94, 0x15, 0x20, 0x58, 0x0f, 0xb5, 0xe6, 0x8e, 0x4d, 0x62, 0x38, 0x4d, 0x1b, 0xdd, 0x00, 0x88, + 0x77, 0xe2, 0x84, 0x34, 0x0d, 0x6b, 0xa2, 0x6d, 0xec, 0xb8, 0x09, 0x37, 0x8c, 0x08, 0xdd, 0x5f, + 0xd7, 0xc2, 0x3a, 0x59, 0x51, 0x98, 0x5a, 0x85, 0xd2, 0x65, 0xd8, 0x68, 0xc9, 0xfe, 0x47, 0x25, + 0x38, 0x99, 0xed, 0x12, 0x7a, 0x3f, 0x0c, 0x49, 0xea, 0xc6, 0xa9, 0x53, 0xfa, 0xf4, 0x0c, 0x61, + 0x03, 0x76, 0x77, 0x77, 0x7c, 0xbc, 0xf3, 0x8d, 0xd2, 0x09, 0x13, 0x05, 0xa7, 0x1a, 0xe3, 0x37, + 0x6d, 0xe2, 0x4a, 0x78, 0x7a, 0x67, 0xaa, 0xd5, 0x12, 0xd7, 0x65, 0xc6, 0x4d, 0x9b, 0x09, 0xc5, + 0x19, 0x6c, 0xb4, 0x0c, 0xa7, 0x8d, 0x92, 0x6b, 0xc4, 0x6b, 0x6c, 0xac, 0x85, 0x91, 0x3c, 0x81, + 0x3d, 0xa2, 0x9d, 0xf5, 0x3a, 0x71, 0x70, 0x6e, 0x4d, 0x2a, 0xed, 0x5d, 0xa7, 0xe5, 0xb8, 0x5e, + 0xb2, 0x23, 0xcc, 0xa3, 0x8a, 0x37, 0xcd, 0x88, 0x72, 0xac, 0x30, 0xec, 0x45, 0xe8, 0xeb, 0x71, + 0x05, 0xf5, 0xa4, 0xf9, 0xbf, 0x08, 0x55, 0xda, 0x9c, 0x54, 0xef, 0x8a, 0x68, 0x32, 0x84, 0xaa, + 0x7c, 0xf1, 0x09, 0xd9, 0x50, 0xf6, 0x1c, 0x79, 0x99, 0xa9, 0x3e, 0x6b, 0x3e, 0x8e, 0xdb, 0xec, + 0x30, 0x4d, 0x81, 0xe8, 0x71, 0x28, 0x93, 0xed, 0x56, 0xf6, 0xd6, 0xf2, 0xe2, 0x76, 0xcb, 0x8b, + 0x48, 0x4c, 0x91, 0xc8, 0x76, 0x0b, 0x9d, 0x83, 0x92, 0x57, 0x17, 0x42, 0x0a, 0x04, 0x4e, 0x69, + 0x7e, 0x16, 0x97, 0xbc, 0xba, 0xbd, 0x0d, 0x35, 0xf5, 0xc4, 0x14, 0xda, 0x94, 0xbc, 0xdb, 0x2a, + 0xc2, 0x8d, 0x4d, 0xb6, 0xdb, 0x85, 0x6b, 0xb7, 0x01, 0x74, 0x00, 0x6b, 0x51, 0xfc, 0xe5, 0x3c, + 0xf4, 0xb9, 0xa1, 0x88, 0xfb, 0xaf, 0xea, 0x66, 0x18, 0xd3, 0x66, 0x10, 0xfb, 0x26, 0x9c, 0xb8, + 0x1a, 0x84, 0xb7, 0xd9, 0x4b, 0x10, 0x2c, 0xf1, 0x21, 0x6d, 0x78, 0x9d, 0xfe, 0xc8, 0xaa, 0x08, + 0x0c, 0x8a, 0x39, 0x4c, 0xa5, 0x64, 0x2b, 0x75, 0x4b, 0xc9, 0x66, 0x7f, 0xd4, 0x82, 0x21, 0x15, + 0xc9, 0x36, 0xb7, 0xb5, 0x49, 0xdb, 0x6d, 0x44, 0x61, 0xbb, 0x95, 0x6d, 0x97, 0xbd, 0x66, 0x87, + 0x39, 0xcc, 0x0c, 0x11, 0x2d, 0xed, 0x13, 0x22, 0x7a, 0x1e, 0xfa, 0x36, 0xbd, 0xa0, 0x9e, 0x7d, + 0xd5, 0xe8, 0xaa, 0x17, 0xd4, 0x31, 0x83, 0xd8, 0xbf, 0x69, 0xc1, 0x49, 0xd5, 0x05, 0x29, 0x10, + 0x9e, 0x87, 0xa1, 0xb5, 0xb6, 0xe7, 0xd7, 0x65, 0x46, 0xc7, 0x8c, 0x45, 0x65, 0xda, 0x80, 0xe1, + 0x14, 0x26, 0x3d, 0xd7, 0xad, 0x79, 0x81, 0x13, 0xed, 0x2c, 0x6b, 0x09, 0xa4, 0x98, 0xd2, 0xb4, + 0x82, 0x60, 0x03, 0x8b, 0x52, 0x8b, 0x49, 0xa2, 0x1d, 0x5a, 0xf9, 0x44, 0x28, 0x6a, 0x2b, 0x06, + 0x0c, 0xa7, 0x30, 0xed, 0xd7, 0xcb, 0x70, 0x22, 0x1d, 0x09, 0xd8, 0xc3, 0xc1, 0xec, 0x71, 0xa8, + 0xb0, 0xe0, 0xc0, 0xec, 0xa2, 0xe0, 0xe9, 0x13, 0x39, 0x0c, 0xc5, 0xd0, 0xcf, 0x33, 0xa6, 0x14, + 0xf3, 0x96, 0x98, 0xea, 0xa4, 0xb2, 0xe0, 0x30, 0x37, 0x41, 0x91, 0xa4, 0x45, 0x90, 0x42, 0x9f, + 0xb0, 0x60, 0x20, 0x6c, 0x99, 0x49, 0xc0, 0xde, 0x57, 0x64, 0x94, 0xa4, 0x08, 0x9d, 0x12, 0xba, + 0xb4, 0x5a, 0x34, 0x72, 0x22, 0x25, 0xe9, 0x73, 0xef, 0x84, 0x21, 0x13, 0x73, 0x3f, 0x75, 0xba, + 0x6a, 0xaa, 0xd3, 0x9f, 0x36, 0x97, 0x93, 0x88, 0x03, 0xed, 0x61, 0xa3, 0x5e, 0x87, 0x8a, 0xab, + 0x7c, 0x29, 0xee, 0x29, 0x83, 0xb0, 0x4a, 0x61, 0xc2, 0x6e, 0xb5, 0x78, 0x6b, 0xf6, 0x77, 0x2c, + 0x63, 0x7d, 0x60, 0x12, 0xcf, 0xd7, 0x51, 0x04, 0xe5, 0xc6, 0xd6, 0xa6, 0x50, 0x62, 0xaf, 0x14, + 0x34, 0xbc, 0x73, 0x5b, 0x9b, 0x7a, 0xbd, 0x9a, 0xa5, 0x98, 0x12, 0xeb, 0xc1, 0xcc, 0x98, 0x0a, + 0x17, 0x2e, 0xef, 0x1f, 0x2e, 0x6c, 0xbf, 0x51, 0x82, 0xd1, 0x8e, 0x45, 0x85, 0x5e, 0x83, 0x4a, + 0x44, 0xbf, 0x52, 0x7c, 0xde, 0x42, 0x61, 0x01, 0xbe, 0xf1, 0x7c, 0x5d, 0x4b, 0xec, 0x74, 0x39, + 0xe6, 0x24, 0xd1, 0x15, 0x40, 0xda, 0xe3, 0x47, 0xd9, 0x38, 0xf9, 0x27, 0x2b, 0xb7, 0x80, 0xa9, + 0x0e, 0x0c, 0x9c, 0x53, 0x0b, 0xbd, 0x90, 0x35, 0x95, 0x96, 0xd3, 0x86, 0xf0, 0xbd, 0xac, 0x9e, + 0xf6, 0x6f, 0x97, 0x60, 0x38, 0x95, 0x93, 0x0d, 0xf9, 0x50, 0x25, 0x3e, 0xbb, 0xa5, 0x90, 0x62, + 0xea, 0xb0, 0x19, 0xd6, 0x95, 0x68, 0xbd, 0x28, 0xda, 0xc5, 0x8a, 0xc2, 0x83, 0xe1, 0x2d, 0xf0, + 0x3c, 0x0c, 0xc9, 0x0e, 0xbd, 0xcf, 0x69, 0xfa, 0x62, 0x00, 0xd5, 0x1a, 0xbd, 0x68, 0xc0, 0x70, + 0x0a, 0xd3, 0xfe, 0xbd, 0x32, 0x8c, 0xf1, 0x6b, 0x9d, 0xba, 0x5a, 0x79, 0x8b, 0xf2, 0xa4, 0xf6, + 0xd7, 0x74, 0xe6, 0x44, 0xab, 0x88, 0x67, 0x44, 0xbb, 0x11, 0xea, 0xc9, 0xc9, 0xed, 0xcb, 0x19, + 0x27, 0x37, 0xae, 0xb0, 0x37, 0x8e, 0xa8, 0x47, 0x3f, 0x58, 0x5e, 0x6f, 0x7f, 0xbf, 0x04, 0x23, + 0x99, 0xd7, 0x62, 0xd0, 0xeb, 0xe9, 0x04, 0xe3, 0x56, 0x11, 0xd6, 0xf8, 0x3d, 0x1f, 0x10, 0x39, + 0x58, 0x9a, 0xf1, 0xfb, 0xb4, 0x55, 0xec, 0x6f, 0x97, 0xe0, 0x44, 0xfa, 0x99, 0x9b, 0x07, 0x70, + 0xa4, 0xde, 0x0e, 0x35, 0xf6, 0x92, 0x03, 0x7b, 0x9d, 0x99, 0x1b, 0xf3, 0x79, 0xd2, 0x7c, 0x59, + 0x88, 0x35, 0xfc, 0x81, 0xc8, 0xde, 0x6e, 0xff, 0x43, 0x0b, 0xce, 0xf0, 0xaf, 0xcc, 0xae, 0xc3, + 0xbf, 0x9e, 0x37, 0xba, 0x2f, 0x17, 0xdb, 0xc1, 0x4c, 0xc6, 0xcf, 0xfd, 0xc6, 0x97, 0x3d, 0xa6, + 0x2a, 0x7a, 0x9b, 0x5e, 0x0a, 0x0f, 0x60, 0x67, 0x0f, 0xb4, 0x18, 0xec, 0x6f, 0x97, 0x41, 0xbf, + 0x1f, 0x8b, 0x3c, 0x11, 0xf1, 0x5a, 0x48, 0xe6, 0xd3, 0x95, 0x9d, 0xc0, 0xd5, 0x2f, 0xd5, 0x56, + 0x33, 0x01, 0xaf, 0xbf, 0x64, 0xc1, 0xa0, 0x17, 0x78, 0x89, 0xe7, 0xb0, 0x03, 0x78, 0x31, 0x8f, + 0x40, 0x2a, 0x72, 0xf3, 0xbc, 0xe5, 0x30, 0x32, 0x6f, 0x80, 0x14, 0x31, 0x6c, 0x52, 0x46, 0x1f, + 0x14, 0x7e, 0xe8, 0xe5, 0xc2, 0x62, 0xb5, 0xab, 0x19, 0xe7, 0xf3, 0x16, 0x55, 0xbc, 0x92, 0xa8, + 0xa0, 0x14, 0x07, 0x98, 0x36, 0xa5, 0x92, 0x68, 0x2b, 0xd5, 0x96, 0x15, 0x63, 0x4e, 0xc8, 0x8e, + 0x01, 0x75, 0x8e, 0xc5, 0x01, 0x7d, 0x7c, 0x27, 0xa1, 0xe6, 0xb4, 0x93, 0xb0, 0x49, 0x87, 0x49, + 0x5c, 0x52, 0x69, 0x2f, 0x66, 0x09, 0xc0, 0x1a, 0xc7, 0x7e, 0xbd, 0x02, 0x99, 0x10, 0x54, 0xb4, + 0x6d, 0xbe, 0x7d, 0x6c, 0x15, 0xfb, 0xf6, 0xb1, 0xea, 0x4c, 0xde, 0xfb, 0xc7, 0xa8, 0x01, 0x95, + 0xd6, 0x86, 0x13, 0x4b, 0xb5, 0xfa, 0x45, 0x75, 0x8e, 0xa3, 0x85, 0x77, 0x77, 0xc7, 0x7f, 0xa6, + 0x37, 0x7b, 0x2d, 0x5d, 0xab, 0x93, 0x3c, 0x6d, 0x8e, 0x26, 0xcd, 0xda, 0xc0, 0xbc, 0xfd, 0x83, + 0x3c, 0x83, 0xf9, 0x31, 0xf1, 0x64, 0x05, 0x26, 0x71, 0xdb, 0x4f, 0xc4, 0x6a, 0x78, 0xb1, 0xc0, + 0x5d, 0xc6, 0x1b, 0xd6, 0xc9, 0x13, 0xf8, 0x7f, 0x6c, 0x10, 0x45, 0xef, 0x87, 0x5a, 0x9c, 0x38, + 0x51, 0x72, 0x8f, 0xe1, 0xce, 0x6a, 0xd0, 0x57, 0x64, 0x23, 0x58, 0xb7, 0x87, 0x5e, 0x62, 0x89, + 0xa0, 0xbd, 0x78, 0xe3, 0x1e, 0xc3, 0x47, 0x64, 0xd2, 0x68, 0xd1, 0x02, 0x36, 0x5a, 0x43, 0x17, + 0x00, 0xd8, 0xda, 0xe6, 0x9e, 0x8b, 0x55, 0x66, 0x9f, 0x52, 0xac, 0x10, 0x2b, 0x08, 0x36, 0xb0, + 0xec, 0x9f, 0x80, 0x74, 0xf6, 0x0f, 0x34, 0x2e, 0x93, 0x8d, 0x70, 0xfb, 0x35, 0x0b, 0x03, 0x49, + 0xe5, 0x05, 0xf9, 0x0d, 0x0b, 0xcc, 0x14, 0x25, 0xe8, 0x55, 0x9e, 0x0b, 0xc5, 0x2a, 0xe2, 0xce, + 0xd1, 0x68, 0x77, 0x62, 0xd1, 0x69, 0x65, 0x2e, 0xbf, 0x65, 0x42, 0x94, 0x73, 0xef, 0x80, 0xaa, + 0x84, 0x1e, 0x48, 0xa9, 0xfb, 0x08, 0x9c, 0x92, 0x21, 0xa5, 0xd2, 0xe2, 0x2a, 0xee, 0xab, 0xf6, + 0x37, 0x1a, 0x49, 0x4b, 0x50, 0xa9, 0x9b, 0x25, 0xa8, 0x87, 0x17, 0xb0, 0x7f, 0xcb, 0x82, 0xf3, + 0xd9, 0x0e, 0xc4, 0x8b, 0x61, 0xe0, 0x25, 0x61, 0xb4, 0x42, 0x92, 0xc4, 0x0b, 0x1a, 0x2c, 0x85, + 0xdc, 0x6d, 0x27, 0x92, 0x19, 0xfa, 0x19, 0xa3, 0xbc, 0xe9, 0x44, 0x01, 0x66, 0xa5, 0x68, 0x07, + 0xfa, 0xb9, 0x7b, 0x9b, 0xd0, 0xd6, 0x0f, 0xb9, 0x37, 0x72, 0x86, 0x43, 0x1f, 0x17, 0xb8, 0x6b, + 0x1d, 0x16, 0x04, 0xed, 0xef, 0x59, 0x80, 0x96, 0xb6, 0x48, 0x14, 0x79, 0x75, 0xc3, 0x21, 0x8f, + 0x3d, 0xfd, 0x64, 0x3c, 0xf1, 0x64, 0x06, 0x3c, 0x67, 0x9e, 0x7e, 0x32, 0xfe, 0xe5, 0x3f, 0xfd, + 0x54, 0x3a, 0xd8, 0xd3, 0x4f, 0x68, 0x09, 0xce, 0x34, 0xf9, 0x71, 0x83, 0x3f, 0xa7, 0xc2, 0xcf, + 0x1e, 0x2a, 0x36, 0xef, 0xec, 0x9d, 0xdd, 0xf1, 0x33, 0x8b, 0x79, 0x08, 0x38, 0xbf, 0x9e, 0xfd, + 0x0e, 0x40, 0xdc, 0x0f, 0x6f, 0x26, 0xcf, 0xcb, 0xa9, 0xab, 0xf9, 0xc5, 0xfe, 0x52, 0x05, 0x46, + 0x32, 0xf9, 0x9b, 0xe9, 0x51, 0xaf, 0xd3, 0xad, 0xea, 0xd0, 0xf2, 0xbb, 0xb3, 0x7b, 0x3d, 0x39, + 0x6a, 0x05, 0x50, 0xf1, 0x82, 0x56, 0x3b, 0x29, 0x26, 0x34, 0x98, 0x77, 0x62, 0x9e, 0x36, 0x68, + 0x18, 0x9a, 0xe9, 0x5f, 0xcc, 0xc9, 0x14, 0xe9, 0xf6, 0x95, 0x52, 0xc6, 0xfb, 0xee, 0x93, 0x39, + 0xe0, 0x63, 0xda, 0x09, 0xab, 0x52, 0x84, 0x61, 0x31, 0xb3, 0x58, 0x8e, 0xfa, 0x92, 0xfe, 0x1b, + 0x25, 0x18, 0x34, 0x26, 0x0d, 0xfd, 0x5a, 0x3a, 0x81, 0x97, 0x55, 0xdc, 0x27, 0xb1, 0xf6, 0x27, + 0x74, 0x8a, 0x2e, 0xfe, 0x49, 0x4f, 0x74, 0xe6, 0xee, 0xba, 0xbb, 0x3b, 0x7e, 0x32, 0x93, 0x9d, + 0x2b, 0x95, 0xcf, 0xeb, 0xdc, 0x87, 0x61, 0x24, 0xd3, 0x4c, 0xce, 0x27, 0xaf, 0x9a, 0x9f, 0x7c, + 0x68, 0xb3, 0x94, 0x39, 0x64, 0x5f, 0xa7, 0x43, 0x26, 0x22, 0x12, 0x43, 0x9f, 0xf4, 0x60, 0x83, + 0xcd, 0x04, 0x1e, 0x97, 0x7a, 0x0c, 0x3c, 0x7e, 0x12, 0xaa, 0xad, 0xd0, 0xf7, 0x5c, 0x4f, 0xe5, + 0xe3, 0x64, 0xa1, 0xce, 0xcb, 0xa2, 0x0c, 0x2b, 0x28, 0xba, 0x0d, 0xb5, 0x5b, 0xb7, 0x13, 0x7e, + 0x6f, 0x24, 0xec, 0xdb, 0x45, 0x5d, 0x17, 0x29, 0xa5, 0x45, 0x5d, 0x4c, 0x61, 0x4d, 0x0b, 0xd9, + 0xd0, 0xcf, 0x84, 0xa0, 0x8c, 0x65, 0x60, 0xb6, 0x77, 0x26, 0x1d, 0x63, 0x2c, 0x20, 0xf6, 0x57, + 0x6b, 0x70, 0x3a, 0x2f, 0x89, 0x3e, 0xfa, 0x10, 0xf4, 0xf3, 0x3e, 0x16, 0xf3, 0x4e, 0x4b, 0x1e, + 0x8d, 0x39, 0xd6, 0xa0, 0xe8, 0x16, 0xfb, 0x8d, 0x05, 0x4d, 0x41, 0xdd, 0x77, 0xd6, 0xc4, 0x0a, + 0x39, 0x1a, 0xea, 0x0b, 0x8e, 0xa6, 0xbe, 0xe0, 0x70, 0xea, 0xbe, 0xb3, 0x86, 0xb6, 0xa1, 0xd2, + 0xf0, 0x12, 0xe2, 0x08, 0x23, 0xc2, 0xcd, 0x23, 0x21, 0x4e, 0x1c, 0xae, 0xa5, 0xb1, 0x9f, 0x98, + 0x13, 0x44, 0x5f, 0xb1, 0x60, 0x64, 0x2d, 0x9d, 0xf1, 0x40, 0x30, 0x4f, 0xe7, 0x08, 0x1e, 0x4a, + 0x48, 0x13, 0xe2, 0x6f, 0x9f, 0x65, 0x0a, 0x71, 0xb6, 0x3b, 0xe8, 0xe3, 0x16, 0x0c, 0xac, 0x7b, + 0xbe, 0x91, 0xab, 0xfa, 0x08, 0x26, 0xe7, 0x12, 0x23, 0xa0, 0x4f, 0x1c, 0xfc, 0x7f, 0x8c, 0x25, + 0xe5, 0x6e, 0x92, 0xaa, 0xff, 0xb0, 0x92, 0x6a, 0xe0, 0x3e, 0x49, 0xaa, 0x4f, 0x59, 0x50, 0x53, + 0x23, 0x2d, 0x22, 0xc7, 0xdf, 0x7f, 0x84, 0x53, 0xce, 0x2d, 0x27, 0xea, 0x2f, 0xd6, 0xc4, 0xd1, + 0xe7, 0x2d, 0x18, 0x74, 0x5e, 0x6b, 0x47, 0xa4, 0x4e, 0xb6, 0xc2, 0x56, 0x2c, 0x1e, 0x4e, 0x7d, + 0xb9, 0xf8, 0xce, 0x4c, 0x51, 0x22, 0xb3, 0x64, 0x6b, 0xa9, 0x15, 0x8b, 0x38, 0x2b, 0x5d, 0x80, + 0xcd, 0x2e, 0xd8, 0xbb, 0x25, 0x18, 0xdf, 0xa7, 0x05, 0xf4, 0x3c, 0x0c, 0x85, 0x51, 0xc3, 0x09, + 0xbc, 0xd7, 0xcc, 0x14, 0x26, 0x4a, 0xcb, 0x5a, 0x32, 0x60, 0x38, 0x85, 0x69, 0xc6, 0xb6, 0x97, + 0xf6, 0x89, 0x6d, 0x3f, 0x0f, 0x7d, 0x11, 0x69, 0x85, 0xd9, 0xc3, 0x02, 0x8b, 0x71, 0x60, 0x10, + 0xf4, 0x28, 0x94, 0x9d, 0x96, 0x27, 0x5c, 0xd8, 0xd4, 0x19, 0x68, 0x6a, 0x79, 0x1e, 0xd3, 0xf2, + 0x54, 0xaa, 0x8d, 0xca, 0xb1, 0xa4, 0xda, 0xa0, 0x62, 0x40, 0xdc, 0x5d, 0xf4, 0x6b, 0x31, 0x90, + 0xbe, 0x53, 0xb0, 0xdf, 0x28, 0xc3, 0xa3, 0x7b, 0xae, 0x17, 0xed, 0xc1, 0x67, 0xed, 0xe1, 0xc1, + 0x27, 0x87, 0xa7, 0xb4, 0xdf, 0xf0, 0x94, 0xbb, 0x0c, 0xcf, 0xc7, 0xe9, 0x36, 0x90, 0xa9, 0x5f, + 0x8a, 0x79, 0xfa, 0xb2, 0x5b, 0x26, 0x19, 0xb1, 0x03, 0x24, 0x14, 0x6b, 0xba, 0xf4, 0x0c, 0x90, + 0x8a, 0xeb, 0xae, 0x14, 0x21, 0x06, 0xba, 0xa6, 0x5f, 0xe1, 0x6b, 0xbf, 0x5b, 0xb0, 0xb8, 0xfd, + 0x2f, 0xfa, 0xe0, 0xf1, 0x1e, 0xb8, 0xb7, 0xb9, 0x8a, 0xad, 0x1e, 0x57, 0xf1, 0x0f, 0xf8, 0x34, + 0x7d, 0x32, 0x77, 0x9a, 0x70, 0xf1, 0xd3, 0xb4, 0xf7, 0x0c, 0xa1, 0xa7, 0xa0, 0xea, 0x05, 0x31, + 0x71, 0xdb, 0x11, 0xf7, 0x66, 0x36, 0x02, 0xa0, 0xe6, 0x45, 0x39, 0x56, 0x18, 0xf4, 0x4c, 0xe7, + 0x3a, 0x74, 0xfb, 0x0f, 0x14, 0x14, 0xf5, 0x6b, 0xc6, 0x52, 0x71, 0x95, 0x62, 0x66, 0x8a, 0x72, + 0x00, 0x4e, 0xc6, 0xfe, 0x1b, 0x16, 0x9c, 0xeb, 0x2e, 0x62, 0xd1, 0x33, 0x30, 0xb8, 0x16, 0x39, + 0x81, 0xbb, 0xc1, 0x1e, 0x3d, 0x96, 0x4b, 0x87, 0x7d, 0xaf, 0x2e, 0xc6, 0x26, 0x0e, 0x9a, 0x81, + 0x51, 0xee, 0xb9, 0x61, 0x60, 0xc8, 0x98, 0xe1, 0x3b, 0xbb, 0xe3, 0xa3, 0xab, 0x59, 0x20, 0xee, + 0xc4, 0xb7, 0xbf, 0x5f, 0xce, 0xef, 0x16, 0x57, 0xc5, 0x0e, 0xb2, 0x9a, 0xc5, 0x5a, 0x2d, 0xf5, + 0xc0, 0x71, 0xcb, 0xc7, 0xcd, 0x71, 0xfb, 0xba, 0x71, 0x5c, 0x34, 0x0b, 0x27, 0x8d, 0x57, 0xa9, + 0x78, 0x1c, 0x38, 0x77, 0x68, 0x56, 0x69, 0x59, 0x96, 0x33, 0x70, 0xdc, 0x51, 0xe3, 0x01, 0x5f, + 0x7a, 0xbf, 0x5e, 0x82, 0xb3, 0x5d, 0xb5, 0xdf, 0x63, 0x92, 0x28, 0xe6, 0xf4, 0xf7, 0x1d, 0xcf, + 0xf4, 0x9b, 0x93, 0x52, 0xd9, 0x6f, 0x52, 0xec, 0x3f, 0x29, 0x75, 0xdd, 0x08, 0xf4, 0x24, 0xf4, + 0x43, 0x3b, 0x4a, 0x2f, 0xc0, 0xb0, 0xd3, 0x6a, 0x71, 0x3c, 0xe6, 0x7f, 0x9b, 0x49, 0x03, 0x35, + 0x65, 0x02, 0x71, 0x1a, 0xb7, 0x27, 0x9d, 0xe6, 0x4f, 0x2d, 0xa8, 0x61, 0xb2, 0xce, 0xb9, 0x11, + 0xba, 0x25, 0x86, 0xc8, 0x2a, 0x22, 0xe7, 0x2d, 0x1d, 0xd8, 0xd8, 0x63, 0xb9, 0x60, 0xf3, 0x06, + 0xbb, 0xf3, 0x95, 0xb2, 0xd2, 0x81, 0x5e, 0x29, 0x53, 0xef, 0x54, 0x95, 0xbb, 0xbf, 0x53, 0x65, + 0x7f, 0x77, 0x80, 0x7e, 0x5e, 0x2b, 0x9c, 0x89, 0x48, 0x3d, 0xa6, 0xf3, 0xdb, 0x8e, 0x7c, 0xb1, + 0x48, 0xd4, 0xfc, 0x5e, 0xc7, 0x0b, 0x98, 0x96, 0xa7, 0x2e, 0xc8, 0x4a, 0x07, 0x4a, 0x82, 0x53, + 0xde, 0x37, 0x09, 0xce, 0x0b, 0x30, 0x1c, 0xc7, 0x1b, 0xcb, 0x91, 0xb7, 0xe5, 0x24, 0xe4, 0x2a, + 0xd9, 0x11, 0xba, 0xaf, 0x4e, 0x1f, 0xb1, 0x72, 0x59, 0x03, 0x71, 0x1a, 0x17, 0xcd, 0xc1, 0xa8, + 0x4e, 0x45, 0x43, 0xa2, 0x84, 0x45, 0x6b, 0xf0, 0x95, 0xa0, 0x62, 0xc5, 0x75, 0xf2, 0x1a, 0x81, + 0x80, 0x3b, 0xeb, 0x50, 0x7e, 0x9a, 0x2a, 0xa4, 0x1d, 0xe9, 0x4f, 0xf3, 0xd3, 0x54, 0x3b, 0xb4, + 0x2f, 0x1d, 0x35, 0xd0, 0x22, 0x9c, 0xe2, 0x0b, 0x63, 0xaa, 0xd5, 0x32, 0xbe, 0x68, 0x20, 0x9d, + 0x6b, 0x74, 0xae, 0x13, 0x05, 0xe7, 0xd5, 0x43, 0xcf, 0xc1, 0xa0, 0x2a, 0x9e, 0x9f, 0x15, 0x77, + 0x3b, 0xca, 0xb6, 0xa4, 0x9a, 0x99, 0xaf, 0x63, 0x13, 0x0f, 0xbd, 0x0f, 0x1e, 0xd6, 0x7f, 0x79, + 0x48, 0x1f, 0xbf, 0xf0, 0x9c, 0x15, 0x59, 0xbe, 0xd4, 0xab, 0x48, 0x73, 0xb9, 0x68, 0x75, 0xdc, + 0xad, 0x3e, 0x5a, 0x83, 0x73, 0x0a, 0x74, 0x31, 0x48, 0x58, 0x7c, 0x4e, 0x4c, 0xa6, 0x9d, 0x98, + 0x5c, 0x8f, 0x7c, 0xf1, 0x62, 0x87, 0x7a, 0x38, 0x77, 0xce, 0x4b, 0x2e, 0xe7, 0x61, 0xe2, 0x05, + 0xbc, 0x47, 0x2b, 0x68, 0x12, 0x6a, 0x24, 0x70, 0xd6, 0x7c, 0xb2, 0x34, 0x33, 0x2f, 0xde, 0xf0, + 0xd0, 0xfe, 0xd6, 0x12, 0x80, 0x35, 0x8e, 0xf2, 0x18, 0x1e, 0xea, 0xfa, 0x88, 0xf3, 0x32, 0x9c, + 0x6e, 0xb8, 0x2d, 0xaa, 0x11, 0x7a, 0x2e, 0x99, 0x72, 0x99, 0x9b, 0x23, 0x9d, 0x18, 0x9e, 0x04, + 0x56, 0xb9, 0xc3, 0xcf, 0xcd, 0x2c, 0x77, 0xe0, 0xe0, 0xdc, 0x9a, 0xcc, 0x1d, 0x36, 0x0a, 0xb7, + 0x77, 0xc6, 0x4e, 0x65, 0xdc, 0x61, 0x69, 0x21, 0xe6, 0x30, 0x74, 0x05, 0x10, 0x8b, 0xad, 0xb8, + 0x9c, 0x24, 0x2d, 0xa5, 0x82, 0x8e, 0x9d, 0x4e, 0xe7, 0xfc, 0xb9, 0xd4, 0x81, 0x81, 0x73, 0x6a, + 0x51, 0x8d, 0x26, 0x08, 0x59, 0xeb, 0x63, 0x0f, 0xa7, 0x35, 0x9a, 0x6b, 0xbc, 0x18, 0x4b, 0xb8, + 0xfd, 0x1f, 0x2d, 0x18, 0x56, 0x5b, 0xfb, 0x18, 0x02, 0x91, 0xfc, 0x74, 0x20, 0xd2, 0xdc, 0xe1, + 0x99, 0x23, 0xeb, 0x79, 0x17, 0x6f, 0xf6, 0x6f, 0x0c, 0x02, 0x68, 0x06, 0xaa, 0x64, 0x97, 0xd5, + 0x55, 0x76, 0x3d, 0xb0, 0xcc, 0x2b, 0x2f, 0x97, 0x4f, 0xe5, 0xfe, 0xe6, 0xf2, 0x59, 0x81, 0x33, + 0x52, 0xb3, 0xe0, 0x97, 0x7d, 0x97, 0xc3, 0x58, 0xf1, 0xc2, 0xea, 0xf4, 0xa3, 0xa2, 0xa1, 0x33, + 0xf3, 0x79, 0x48, 0x38, 0xbf, 0x6e, 0x4a, 0xa1, 0x19, 0xd8, 0x57, 0xcb, 0x54, 0xdb, 0x7f, 0x61, + 0x5d, 0x3e, 0x47, 0x94, 0xd9, 0xfe, 0x0b, 0x97, 0x56, 0xb0, 0xc6, 0xc9, 0x97, 0x01, 0xb5, 0x82, + 0x64, 0x00, 0x1c, 0x58, 0x06, 0x48, 0x6e, 0x34, 0xd8, 0x95, 0x1b, 0xc9, 0x4b, 0x85, 0xa1, 0xae, + 0x97, 0x0a, 0xef, 0x86, 0x13, 0x5e, 0xb0, 0x41, 0x22, 0x2f, 0x21, 0x75, 0xb6, 0x17, 0x18, 0xa7, + 0x32, 0xde, 0x51, 0x9a, 0x4f, 0x41, 0x71, 0x06, 0x3b, 0xcd, 0x42, 0x4f, 0xf4, 0xc0, 0x42, 0xbb, + 0x08, 0xae, 0x91, 0x62, 0x04, 0xd7, 0xc9, 0xc3, 0x0b, 0xae, 0xd1, 0x23, 0x15, 0x5c, 0xa8, 0x10, + 0xc1, 0xd5, 0x93, 0x4c, 0x30, 0x4e, 0xa6, 0xa7, 0xf7, 0x39, 0x99, 0x76, 0x93, 0x5a, 0x67, 0xee, + 0x59, 0x6a, 0xe5, 0x0b, 0xa4, 0x87, 0x8e, 0x5a, 0x20, 0x7d, 0xaa, 0x04, 0x67, 0x34, 0xcb, 0xa6, + 0x1b, 0xc5, 0x5b, 0xa7, 0x4c, 0x8b, 0x3d, 0x7e, 0xc7, 0xef, 0xe8, 0x8c, 0x10, 0x3a, 0x1d, 0x8d, + 0xa7, 0x20, 0xd8, 0xc0, 0x62, 0x91, 0x68, 0x24, 0x62, 0x99, 0xb0, 0xb3, 0xfc, 0x7c, 0x46, 0x94, + 0x63, 0x85, 0x41, 0x97, 0x22, 0xfd, 0x2d, 0xa2, 0x7b, 0xb3, 0x39, 0x16, 0x67, 0x34, 0x08, 0x9b, + 0x78, 0xe8, 0x49, 0x4e, 0x84, 0xf1, 0x12, 0xca, 0xd3, 0x87, 0xc4, 0x83, 0xe1, 0x92, 0x7d, 0x28, + 0xa8, 0xec, 0x0e, 0x0b, 0x39, 0xac, 0x74, 0x76, 0x87, 0xb9, 0xbb, 0x29, 0x0c, 0xfb, 0x7f, 0x5a, + 0x70, 0x36, 0x77, 0x28, 0x8e, 0x41, 0x4e, 0x6f, 0xa7, 0xe5, 0xf4, 0x4a, 0x51, 0x87, 0x18, 0xe3, + 0x2b, 0xba, 0xc8, 0xec, 0x7f, 0x6f, 0xc1, 0x09, 0x8d, 0x7f, 0x0c, 0x9f, 0xea, 0xa5, 0x3f, 0xb5, + 0xb8, 0xf3, 0x5a, 0xad, 0xe3, 0xdb, 0x7e, 0xaf, 0x04, 0x2a, 0xef, 0xe9, 0x94, 0x2b, 0xb3, 0x4a, + 0xef, 0x73, 0x6b, 0xbc, 0x03, 0xfd, 0xec, 0xd2, 0x3b, 0x2e, 0xc6, 0xa1, 0x27, 0x4d, 0x9f, 0x5d, + 0xa0, 0x6b, 0x87, 0x02, 0xf6, 0x37, 0xc6, 0x82, 0x20, 0xcb, 0xd3, 0xce, 0x53, 0x4a, 0xd6, 0x45, + 0xcc, 0x98, 0xce, 0xd3, 0x2e, 0xca, 0xb1, 0xc2, 0xa0, 0x92, 0xc4, 0x73, 0xc3, 0x60, 0xc6, 0x77, + 0x62, 0xf9, 0x18, 0xad, 0x92, 0x24, 0xf3, 0x12, 0x80, 0x35, 0x0e, 0xbb, 0x0f, 0xf7, 0xe2, 0x96, + 0xef, 0xec, 0x18, 0xa7, 0x72, 0x23, 0x8b, 0x85, 0x02, 0x61, 0x13, 0xcf, 0x6e, 0xc2, 0x58, 0xfa, + 0x23, 0x66, 0xc9, 0x3a, 0x73, 0x46, 0xed, 0x69, 0x38, 0x27, 0xa1, 0xe6, 0xb0, 0x5a, 0x0b, 0x6d, + 0x47, 0xf0, 0x04, 0xed, 0x92, 0x29, 0x01, 0x58, 0xe3, 0xd8, 0xff, 0xc0, 0x82, 0x53, 0x39, 0x83, + 0x56, 0x60, 0x70, 0x64, 0xa2, 0xb9, 0x4d, 0x9e, 0x0e, 0xf0, 0xe3, 0x30, 0x50, 0x27, 0xeb, 0x8e, + 0x74, 0x77, 0x34, 0xb8, 0xe7, 0x2c, 0x2f, 0xc6, 0x12, 0x6e, 0xff, 0x76, 0x09, 0x46, 0xd2, 0x7d, + 0x8d, 0x59, 0xd8, 0x10, 0x1f, 0x26, 0x2f, 0x76, 0xc3, 0x2d, 0x12, 0xed, 0xd0, 0x2f, 0xb7, 0x32, + 0x61, 0x43, 0x1d, 0x18, 0x38, 0xa7, 0x16, 0xcb, 0x7a, 0x5c, 0x57, 0xa3, 0x2d, 0x57, 0xe4, 0x8d, + 0x22, 0x57, 0xa4, 0x9e, 0x4c, 0xd3, 0x35, 0x42, 0x91, 0xc4, 0x26, 0x7d, 0xaa, 0x8b, 0x30, 0x3f, + 0xec, 0xe9, 0xb6, 0xe7, 0x27, 0x5e, 0x20, 0x3e, 0x59, 0xac, 0x55, 0xa5, 0x8b, 0x2c, 0x76, 0xa2, + 0xe0, 0xbc, 0x7a, 0xf6, 0xf7, 0xfa, 0x40, 0x05, 0x63, 0x33, 0xd7, 0xb5, 0x82, 0x1c, 0xff, 0x0e, + 0x1a, 0x7c, 0xa6, 0xd6, 0x56, 0xdf, 0x5e, 0xbe, 0x24, 0xdc, 0x94, 0x63, 0xda, 0x73, 0xd5, 0x80, + 0xad, 0x6a, 0x10, 0x36, 0xf1, 0x68, 0x4f, 0x7c, 0x6f, 0x8b, 0xf0, 0x4a, 0xfd, 0xe9, 0x9e, 0x2c, + 0x48, 0x00, 0xd6, 0x38, 0xb4, 0x27, 0x75, 0x6f, 0x7d, 0x5d, 0xd8, 0x25, 0x54, 0x4f, 0xe8, 0xe8, + 0x60, 0x06, 0xe1, 0x79, 0xf1, 0xc3, 0x4d, 0xa1, 0x7f, 0x1b, 0x79, 0xf1, 0xc3, 0x4d, 0xcc, 0x20, + 0x74, 0x96, 0x82, 0x30, 0x6a, 0x3a, 0xbe, 0xf7, 0x1a, 0xa9, 0x2b, 0x2a, 0x42, 0xef, 0x56, 0xb3, + 0x74, 0xad, 0x13, 0x05, 0xe7, 0xd5, 0xa3, 0x0b, 0xba, 0x15, 0x91, 0xba, 0xe7, 0x26, 0x66, 0x6b, + 0x90, 0x5e, 0xd0, 0xcb, 0x1d, 0x18, 0x38, 0xa7, 0x16, 0x9a, 0x82, 0x11, 0x19, 0x4c, 0x2f, 0x53, + 0x25, 0x0d, 0xa6, 0x53, 0xb3, 0xe0, 0x34, 0x18, 0x67, 0xf1, 0x29, 0x93, 0x6c, 0x8a, 0x6c, 0x6a, + 0x4c, 0x4d, 0x37, 0x98, 0xa4, 0xcc, 0xb2, 0x86, 0x15, 0x86, 0xfd, 0xb1, 0x32, 0x15, 0xea, 0x5d, + 0x92, 0x16, 0x1e, 0x9b, 0xa3, 0x69, 0x7a, 0x45, 0xf6, 0xf5, 0xb0, 0x22, 0x9f, 0x85, 0xa1, 0x5b, + 0x71, 0x18, 0x28, 0x27, 0xce, 0x4a, 0x57, 0x27, 0x4e, 0x03, 0x2b, 0xdf, 0x89, 0xb3, 0xbf, 0x28, + 0x27, 0xce, 0x81, 0x7b, 0x74, 0xe2, 0xfc, 0x83, 0x0a, 0xa8, 0x37, 0x86, 0xae, 0x91, 0xe4, 0x76, + 0x18, 0x6d, 0x7a, 0x41, 0x83, 0x25, 0x21, 0xf8, 0x8a, 0x05, 0x43, 0x7c, 0xbf, 0x2c, 0x98, 0x41, + 0x78, 0xeb, 0x05, 0x3d, 0x5e, 0x93, 0x22, 0x36, 0xb1, 0x6a, 0x10, 0xca, 0xbc, 0x5f, 0x6c, 0x82, + 0x70, 0xaa, 0x47, 0xe8, 0xc3, 0x00, 0xd2, 0x88, 0xbb, 0x2e, 0x39, 0xf0, 0x7c, 0x31, 0xfd, 0xc3, + 0x64, 0x5d, 0xab, 0xd4, 0xab, 0x8a, 0x08, 0x36, 0x08, 0xa2, 0x4f, 0xe9, 0x00, 0x45, 0x1e, 0xed, + 0xf1, 0xc1, 0x23, 0x19, 0x9b, 0x5e, 0xc2, 0x13, 0x31, 0x0c, 0x78, 0x41, 0x83, 0xae, 0x13, 0xe1, + 0xec, 0xf6, 0xb6, 0xbc, 0x04, 0x1e, 0x0b, 0xa1, 0x53, 0x9f, 0x76, 0x7c, 0x27, 0x70, 0x49, 0x34, + 0xcf, 0xd1, 0xb5, 0x04, 0x15, 0x05, 0x58, 0x36, 0xd4, 0xf1, 0x3a, 0x53, 0xa5, 0x97, 0xd7, 0x99, + 0xce, 0xbd, 0x07, 0x46, 0x3b, 0x26, 0xf3, 0x40, 0xd1, 0x88, 0xf7, 0x1e, 0xc8, 0x68, 0xff, 0x61, + 0x4d, 0x0b, 0xad, 0x6b, 0x61, 0x9d, 0x3f, 0xf6, 0x13, 0xe9, 0x19, 0x15, 0x2a, 0x73, 0x81, 0x4b, + 0x44, 0x89, 0x19, 0xa3, 0x10, 0x9b, 0x24, 0xe9, 0x1a, 0x6d, 0x39, 0x11, 0x09, 0x8e, 0x7a, 0x8d, + 0x2e, 0x2b, 0x22, 0xd8, 0x20, 0x88, 0x36, 0x52, 0xe1, 0x48, 0x97, 0x0e, 0x1f, 0x8e, 0xc4, 0x52, + 0x9b, 0xe5, 0xbd, 0x89, 0xf1, 0x79, 0x0b, 0x4e, 0x04, 0xa9, 0x95, 0x5b, 0x8c, 0x07, 0x72, 0xfe, + 0xae, 0xe0, 0x4f, 0xd4, 0xa5, 0xcb, 0x70, 0x86, 0x7e, 0x9e, 0x48, 0xab, 0x1c, 0x50, 0xa4, 0xe9, + 0xc7, 0xc6, 0xfa, 0xbb, 0x3d, 0x36, 0x86, 0x02, 0xf5, 0xda, 0xe2, 0x40, 0xe1, 0xaf, 0x2d, 0x42, + 0xce, 0x4b, 0x8b, 0x37, 0xa1, 0xe6, 0x46, 0xc4, 0x49, 0xee, 0xf1, 0xe1, 0x3d, 0xe6, 0xdb, 0x31, + 0x23, 0x1b, 0xc0, 0xba, 0x2d, 0xf4, 0x11, 0xc5, 0xcf, 0x6a, 0x45, 0x6a, 0xb3, 0x74, 0x2b, 0xf6, + 0xc4, 0xc5, 0xbe, 0x90, 0x09, 0xb2, 0x86, 0x22, 0x62, 0x61, 0x53, 0xbd, 0xf8, 0xc1, 0x0a, 0xac, + 0xfe, 0x3f, 0x7d, 0x70, 0x52, 0x76, 0x5f, 0x46, 0x93, 0x50, 0x7d, 0x85, 0xaf, 0x03, 0x7d, 0x76, + 0x51, 0xfa, 0xca, 0x65, 0x09, 0xc0, 0x1a, 0x87, 0xea, 0xc7, 0xed, 0x98, 0x2c, 0xb5, 0x48, 0xb0, + 0xe0, 0xad, 0xc5, 0xe2, 0x72, 0x5c, 0x7d, 0xf7, 0x75, 0x0d, 0xc2, 0x26, 0x1e, 0x3d, 0x6b, 0x39, + 0xc6, 0x21, 0xc2, 0x38, 0x6b, 0xc9, 0x83, 0x83, 0x84, 0xa3, 0x5f, 0xc9, 0xcd, 0x6a, 0x5d, 0x4c, + 0x0c, 0x66, 0x47, 0x10, 0xcd, 0x01, 0xdf, 0xce, 0xfd, 0xbb, 0x16, 0x9c, 0xe1, 0xa5, 0x72, 0x24, + 0xaf, 0xb7, 0xea, 0x4e, 0x42, 0xe2, 0x62, 0xde, 0xb7, 0xc8, 0xe9, 0x9f, 0x36, 0xf7, 0xe7, 0x91, + 0xc5, 0xf9, 0xbd, 0x41, 0xaf, 0x5b, 0x30, 0xb2, 0x99, 0x4a, 0xfc, 0x23, 0x45, 0xf9, 0x61, 0x33, + 0x6b, 0xa4, 0x1a, 0xd5, 0xac, 0x2f, 0x5d, 0x1e, 0xe3, 0x2c, 0x75, 0xfb, 0x7f, 0x58, 0x60, 0x8a, + 0xb5, 0xe3, 0xcf, 0x17, 0x74, 0x70, 0xd5, 0x5c, 0x6a, 0xfb, 0x95, 0xae, 0xda, 0xfe, 0xa3, 0x50, + 0x6e, 0x7b, 0x75, 0x71, 0xde, 0xd3, 0x57, 0xf6, 0xf3, 0xb3, 0x98, 0x96, 0xdb, 0xff, 0xbc, 0xa2, + 0xcd, 0x52, 0x22, 0xc4, 0xf1, 0x87, 0xe2, 0xb3, 0xd7, 0x55, 0xc6, 0x41, 0xfe, 0xe5, 0xd7, 0x3a, + 0x32, 0x0e, 0xfe, 0xf4, 0xc1, 0x23, 0x58, 0xf9, 0x00, 0x75, 0x4b, 0x38, 0x38, 0xb0, 0x4f, 0xf8, + 0xea, 0x2d, 0xa8, 0xd2, 0x23, 0x31, 0xb3, 0x2f, 0x57, 0x53, 0x9d, 0xaa, 0x5e, 0x16, 0xe5, 0x77, + 0x77, 0xc7, 0xdf, 0x79, 0xf0, 0x6e, 0xc9, 0xda, 0x58, 0xb5, 0x8f, 0x62, 0xa8, 0xd1, 0xdf, 0x2c, + 0xd2, 0x56, 0x1c, 0xb6, 0xaf, 0x2b, 0x9e, 0x29, 0x01, 0x85, 0x84, 0xf1, 0x6a, 0x3a, 0x28, 0x80, + 0x1a, 0x7b, 0x66, 0x9c, 0x11, 0xe5, 0x67, 0xf2, 0x65, 0x15, 0xef, 0x2a, 0x01, 0x77, 0x77, 0xc7, + 0x5f, 0x38, 0x38, 0x51, 0x55, 0x1d, 0x6b, 0x12, 0xf6, 0x17, 0xfa, 0xf4, 0xda, 0x15, 0x89, 0x26, + 0x7f, 0x28, 0xd6, 0xee, 0xf3, 0x99, 0xb5, 0x7b, 0xbe, 0x63, 0xed, 0x9e, 0xd0, 0xcf, 0x61, 0xa7, + 0x56, 0xe3, 0x71, 0x2b, 0x66, 0xfb, 0xdb, 0x7f, 0x98, 0x46, 0xfa, 0x6a, 0xdb, 0x8b, 0x48, 0xbc, + 0x1c, 0xb5, 0x03, 0x2f, 0x68, 0xb0, 0xe5, 0x58, 0x35, 0x35, 0xd2, 0x14, 0x18, 0x67, 0xf1, 0xd1, + 0x53, 0x50, 0xa5, 0x73, 0x7e, 0xd3, 0xd9, 0xe2, 0xab, 0xca, 0xc8, 0xbd, 0xb7, 0x22, 0xca, 0xb1, + 0xc2, 0xb0, 0xbf, 0xce, 0xbc, 0x1a, 0x8c, 0x10, 0x7f, 0xba, 0x26, 0x7c, 0xf6, 0xae, 0x3b, 0x4f, + 0xdc, 0xa7, 0xd6, 0x04, 0x7f, 0xcc, 0x9d, 0xc3, 0xd0, 0x6d, 0x18, 0x58, 0xe3, 0x2f, 0x94, 0x16, + 0xf3, 0x76, 0x82, 0x78, 0xee, 0x94, 0xbd, 0xfd, 0x24, 0xdf, 0x3e, 0xbd, 0xab, 0x7f, 0x62, 0x49, + 0xcd, 0xfe, 0x56, 0x05, 0x46, 0x32, 0x2f, 0x7f, 0xa7, 0x52, 0x26, 0x97, 0xf6, 0x4d, 0x99, 0xfc, + 0x01, 0x80, 0x3a, 0x69, 0xf9, 0xe1, 0x0e, 0x53, 0x8f, 0xfb, 0x0e, 0xac, 0x1e, 0xab, 0x13, 0xd5, + 0xac, 0x6a, 0x05, 0x1b, 0x2d, 0x8a, 0x6c, 0x85, 0x3c, 0x03, 0x73, 0x26, 0x5b, 0xa1, 0xf1, 0xc2, + 0x4a, 0xff, 0xf1, 0xbe, 0xb0, 0xe2, 0xc1, 0x08, 0xef, 0xa2, 0x0a, 0xa4, 0xbf, 0x87, 0x78, 0x79, + 0x16, 0x8a, 0x34, 0x9b, 0x6e, 0x06, 0x67, 0xdb, 0xbd, 0x9f, 0x0f, 0xfb, 0xa3, 0xb7, 0x43, 0x4d, + 0xce, 0x33, 0x3f, 0xa3, 0x88, 0x64, 0x24, 0x72, 0x19, 0xb0, 0x07, 0xf7, 0xc5, 0xcf, 0x8e, 0x9c, + 0x20, 0x70, 0xbf, 0x72, 0x82, 0xd8, 0x9f, 0x2b, 0x51, 0x3d, 0x9e, 0xf7, 0x4b, 0xa5, 0xb7, 0x7a, + 0x02, 0xfa, 0x9d, 0x76, 0xb2, 0x11, 0x76, 0xbc, 0x71, 0x3a, 0xc5, 0x4a, 0xb1, 0x80, 0xa2, 0x05, + 0xe8, 0xab, 0xeb, 0x94, 0x45, 0x07, 0x99, 0x4f, 0x6d, 0xa2, 0x76, 0x12, 0x82, 0x59, 0x2b, 0xe8, + 0x11, 0xe8, 0x4b, 0x9c, 0x86, 0x8c, 0x9e, 0x64, 0x11, 0xf3, 0xab, 0x4e, 0x23, 0xc6, 0xac, 0xd4, + 0x14, 0xdf, 0x7d, 0xfb, 0x88, 0xef, 0x17, 0x60, 0x38, 0xf6, 0x1a, 0x81, 0x93, 0xb4, 0x23, 0x62, + 0xdc, 0xe2, 0x6a, 0x1f, 0x1e, 0x13, 0x88, 0xd3, 0xb8, 0xf6, 0xef, 0x0c, 0xc1, 0xe9, 0x95, 0x99, + 0x45, 0x99, 0xc2, 0xff, 0xc8, 0x02, 0x20, 0xf3, 0x68, 0x1c, 0x5f, 0x00, 0x64, 0x17, 0xea, 0xbe, + 0x11, 0x00, 0xe9, 0x1b, 0x01, 0x90, 0xe9, 0x68, 0xb4, 0x72, 0x11, 0xd1, 0x68, 0x79, 0x3d, 0xe8, + 0x25, 0x1a, 0xed, 0xc8, 0x22, 0x22, 0xf7, 0xec, 0xd0, 0x81, 0x22, 0x22, 0x55, 0xb8, 0x68, 0x21, + 0x71, 0x42, 0x5d, 0xa6, 0x2a, 0x37, 0x5c, 0x54, 0x85, 0xea, 0xf1, 0x18, 0x38, 0xc1, 0xea, 0x5f, + 0x2e, 0xbe, 0x03, 0x3d, 0x84, 0xea, 0x89, 0x30, 0x3c, 0x33, 0x3c, 0x74, 0xa0, 0x88, 0xf0, 0xd0, + 0xbc, 0xee, 0xec, 0x1b, 0x1e, 0xfa, 0x02, 0x0c, 0xbb, 0x7e, 0x18, 0x90, 0xe5, 0x28, 0x4c, 0x42, + 0x37, 0x94, 0xaf, 0x2c, 0xea, 0x27, 0x85, 0x4c, 0x20, 0x4e, 0xe3, 0x76, 0x8b, 0x2d, 0xad, 0x1d, + 0x36, 0xb6, 0x14, 0xee, 0x53, 0x6c, 0xe9, 0x2f, 0xea, 0x2c, 0x08, 0x83, 0x6c, 0x46, 0x3e, 0x50, + 0xfc, 0x8c, 0xf4, 0x92, 0x0a, 0x01, 0xbd, 0xc1, 0x1f, 0x19, 0xa5, 0x8a, 0xf1, 0x4c, 0xd8, 0xa4, + 0x8a, 0xdf, 0x10, 0x1b, 0x92, 0x57, 0x8e, 0x60, 0xc1, 0xde, 0x5c, 0xd1, 0x64, 0xd4, 0xc3, 0xa3, + 0xba, 0x08, 0xa7, 0x3b, 0x72, 0x98, 0x2c, 0x0d, 0x5f, 0x2a, 0xc1, 0x8f, 0xec, 0xdb, 0x05, 0x74, + 0x1b, 0x20, 0x71, 0x1a, 0x62, 0xa1, 0x8a, 0x0b, 0xac, 0x43, 0x3a, 0xda, 0xae, 0xca, 0xf6, 0x78, + 0x7a, 0x21, 0xf5, 0x97, 0x5d, 0x0d, 0xc9, 0xdf, 0xcc, 0xbf, 0x36, 0xf4, 0x3b, 0xb2, 0xb0, 0xe2, + 0xd0, 0x27, 0x98, 0x41, 0xa8, 0xf8, 0x8f, 0x48, 0x43, 0xbf, 0xd0, 0xaf, 0xa6, 0x0f, 0xb3, 0x52, + 0x2c, 0xa0, 0xe8, 0x39, 0x18, 0x74, 0x7c, 0x9f, 0x07, 0x71, 0x91, 0x58, 0xbc, 0xf5, 0xa5, 0xad, + 0x96, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x2f, 0x4a, 0x30, 0xbe, 0x0f, 0x4f, 0xe9, 0x08, 0xde, 0xad, + 0xf4, 0x1c, 0xbc, 0x2b, 0x02, 0x5b, 0xfa, 0xbb, 0x04, 0xb6, 0x3c, 0x07, 0x83, 0x09, 0x71, 0x9a, + 0xc2, 0x35, 0x4f, 0x58, 0x02, 0xf4, 0x8d, 0xbc, 0x06, 0x61, 0x13, 0x8f, 0x72, 0xb1, 0x13, 0x8e, + 0xeb, 0x92, 0x38, 0x96, 0x91, 0x2b, 0xc2, 0xba, 0x5d, 0x58, 0x58, 0x0c, 0xbb, 0x34, 0x98, 0x4a, + 0x91, 0xc0, 0x19, 0x92, 0xd9, 0x01, 0xaf, 0xf5, 0x38, 0xe0, 0x5f, 0x2d, 0xc1, 0xa3, 0x7b, 0x4a, + 0xb7, 0x9e, 0x83, 0x8a, 0xda, 0x31, 0x89, 0xb2, 0x0b, 0xe7, 0x7a, 0x4c, 0x22, 0xcc, 0x20, 0x7c, + 0x94, 0x5a, 0x2d, 0xe5, 0x56, 0x5d, 0x7c, 0x84, 0x1d, 0x1f, 0xa5, 0x14, 0x09, 0x9c, 0x21, 0x79, + 0xaf, 0xcb, 0xf2, 0x5b, 0x7d, 0xf0, 0x78, 0x0f, 0x3a, 0x40, 0x81, 0x91, 0x88, 0xe9, 0xa8, 0xd9, + 0xf2, 0x7d, 0x8a, 0x9a, 0xbd, 0xb7, 0xe1, 0x7a, 0x33, 0xd8, 0xb6, 0xa7, 0x88, 0xc7, 0xaf, 0x97, + 0xe0, 0x5c, 0x77, 0x85, 0x05, 0xbd, 0x0b, 0x46, 0x22, 0xe5, 0x8a, 0x68, 0x06, 0xdc, 0x9e, 0xe2, + 0xf6, 0x96, 0x14, 0x08, 0x67, 0x71, 0xd1, 0x04, 0x40, 0xcb, 0x49, 0x36, 0xe2, 0x8b, 0xdb, 0x5e, + 0x9c, 0x88, 0xb4, 0x5b, 0x27, 0xf8, 0x8d, 0xab, 0x2c, 0xc5, 0x06, 0x06, 0x25, 0xc7, 0xfe, 0xcd, + 0x86, 0xd7, 0xc2, 0x84, 0x57, 0xe2, 0x87, 0xad, 0x53, 0xf2, 0x79, 0x23, 0x03, 0x84, 0xb3, 0xb8, + 0x94, 0x1c, 0xbb, 0x0d, 0xe3, 0x1d, 0xe5, 0xa7, 0x30, 0x46, 0x6e, 0x41, 0x95, 0x62, 0x03, 0x23, + 0x1b, 0x4a, 0x5c, 0xd9, 0x3f, 0x94, 0xd8, 0xfe, 0x67, 0x25, 0x38, 0xdb, 0x55, 0xe1, 0xed, 0x8d, + 0x4d, 0x3d, 0x78, 0xe1, 0xbf, 0xf7, 0xb8, 0xc3, 0x0e, 0x16, 0x36, 0xfa, 0xa7, 0x5d, 0x56, 0x9a, + 0x08, 0x1b, 0xbd, 0xf7, 0x6c, 0x18, 0x0f, 0xde, 0x78, 0x76, 0x44, 0x8a, 0xf6, 0x1d, 0x20, 0x52, + 0x34, 0x33, 0x19, 0x95, 0x1e, 0xa5, 0xc3, 0x7f, 0xe9, 0xeb, 0x3a, 0xbc, 0xf4, 0x80, 0xdc, 0x93, + 0x35, 0x7b, 0x16, 0x4e, 0x7a, 0x01, 0x7b, 0xea, 0x6e, 0xa5, 0xbd, 0x26, 0x32, 0x31, 0xf1, 0x74, + 0xa3, 0x2a, 0x1c, 0x65, 0x3e, 0x03, 0xc7, 0x1d, 0x35, 0x1e, 0xc0, 0xc8, 0xdd, 0x7b, 0x1b, 0xd2, + 0x03, 0x72, 0xee, 0x25, 0x38, 0x23, 0x87, 0x62, 0xc3, 0x89, 0x48, 0x5d, 0x08, 0xdb, 0x58, 0x04, + 0x20, 0x9d, 0xe5, 0x41, 0x4c, 0x39, 0x08, 0x38, 0xbf, 0x1e, 0x7b, 0x5d, 0x2c, 0x6c, 0x79, 0xae, + 0x38, 0x0a, 0xea, 0xd7, 0xc5, 0x68, 0x21, 0xe6, 0x30, 0x2d, 0x2f, 0x6a, 0xc7, 0x23, 0x2f, 0x3e, + 0x00, 0x35, 0x35, 0xde, 0x3c, 0x96, 0x42, 0x2d, 0xf2, 0x8e, 0x58, 0x0a, 0xb5, 0xc2, 0x0d, 0xac, + 0xfd, 0x9e, 0xbf, 0xfd, 0x49, 0x18, 0x52, 0xd6, 0xaf, 0x5e, 0xdf, 0x78, 0xb3, 0xff, 0xbc, 0x1f, + 0x86, 0x53, 0xd9, 0x57, 0x53, 0x66, 0x6f, 0x6b, 0x5f, 0xb3, 0x37, 0x0b, 0xa3, 0x69, 0x07, 0xf2, + 0x01, 0x48, 0x23, 0x8c, 0xa6, 0x1d, 0x10, 0xcc, 0x61, 0xf4, 0xd0, 0x51, 0x8f, 0x76, 0x70, 0x3b, + 0x10, 0x7e, 0xc1, 0xea, 0xd0, 0x31, 0xcb, 0x4a, 0xb1, 0x80, 0xa2, 0x8f, 0x5a, 0x30, 0x14, 0xb3, + 0x3b, 0x15, 0x7e, 0x69, 0x20, 0x16, 0xf9, 0x95, 0xc3, 0x27, 0x97, 0x55, 0x99, 0x86, 0x99, 0x1f, + 0x99, 0x59, 0x82, 0x53, 0x14, 0xd1, 0x27, 0x2c, 0xa8, 0xa9, 0x77, 0xaa, 0xc4, 0x6b, 0xae, 0x2b, + 0xc5, 0x26, 0xb7, 0xe5, 0xd6, 0x66, 0x75, 0x3d, 0xa5, 0xb2, 0x8c, 0x62, 0x4d, 0x18, 0xc5, 0xca, + 0xa2, 0x3f, 0x70, 0x34, 0x16, 0x7d, 0xc8, 0xb1, 0xe6, 0xbf, 0x1d, 0x6a, 0x4d, 0x27, 0xf0, 0xd6, + 0x49, 0x9c, 0x70, 0x23, 0xbb, 0xcc, 0xb9, 0x2d, 0x0b, 0xb1, 0x86, 0x53, 0x05, 0x20, 0x66, 0x1f, + 0x96, 0x18, 0x56, 0x71, 0xa6, 0x00, 0xac, 0xe8, 0x62, 0x6c, 0xe2, 0x98, 0x26, 0x7c, 0xb8, 0xaf, + 0x26, 0xfc, 0xc1, 0x7d, 0x4c, 0xf8, 0x2b, 0x70, 0xc6, 0x69, 0x27, 0xe1, 0x65, 0xe2, 0xf8, 0x53, + 0xfc, 0x69, 0xe6, 0x98, 0x27, 0xec, 0x1d, 0x62, 0x66, 0x21, 0xe5, 0x69, 0xb1, 0x42, 0xfc, 0xf5, + 0x0e, 0x24, 0x9c, 0x5f, 0xd7, 0xfe, 0xc7, 0x16, 0x9c, 0xc9, 0x5d, 0x0a, 0x0f, 0xae, 0xcf, 0xb1, + 0xfd, 0xc5, 0x0a, 0x9c, 0xca, 0xc9, 0xcd, 0x8c, 0x76, 0xcc, 0x4d, 0x62, 0x15, 0xe1, 0x2e, 0x92, + 0xf6, 0x7e, 0x90, 0x73, 0x93, 0xb3, 0x33, 0x0e, 0x76, 0x2b, 0xa7, 0x6f, 0xc6, 0xca, 0xc7, 0x7b, + 0x33, 0x66, 0xac, 0xf5, 0xbe, 0xfb, 0xba, 0xd6, 0x2b, 0xfb, 0xac, 0xf5, 0x6f, 0x58, 0x30, 0xd6, + 0xec, 0xf2, 0x20, 0x88, 0xb0, 0x31, 0xdf, 0x38, 0x9a, 0xe7, 0x46, 0xa6, 0x1f, 0xb9, 0xb3, 0x3b, + 0xde, 0xf5, 0x1d, 0x16, 0xdc, 0xb5, 0x57, 0xf6, 0xf7, 0xca, 0xc0, 0x12, 0x83, 0xb3, 0xfc, 0x9b, + 0x3b, 0xe8, 0x23, 0x66, 0x8a, 0x77, 0xab, 0xa8, 0x74, 0xe4, 0xbc, 0x71, 0x95, 0x22, 0x9e, 0x8f, + 0x60, 0x5e, 0xc6, 0xf8, 0x2c, 0x27, 0x2c, 0xf5, 0xc0, 0x09, 0x7d, 0x99, 0x4b, 0xbf, 0x5c, 0x7c, + 0x2e, 0xfd, 0x5a, 0x36, 0x8f, 0xfe, 0xde, 0x53, 0xdc, 0xf7, 0x40, 0x4e, 0xf1, 0xaf, 0x5a, 0x9c, + 0xf1, 0x64, 0x66, 0x41, 0xab, 0x1b, 0xd6, 0x1e, 0xea, 0xc6, 0x53, 0x50, 0x8d, 0x05, 0x67, 0x16, + 0x6a, 0x89, 0x76, 0x55, 0x10, 0xe5, 0x58, 0x61, 0xb0, 0x67, 0xba, 0x7d, 0x3f, 0xbc, 0x7d, 0xb1, + 0xd9, 0x4a, 0x76, 0x84, 0x82, 0xa2, 0x9f, 0xe9, 0x56, 0x10, 0x6c, 0x60, 0xd9, 0x7f, 0xa7, 0xc4, + 0x57, 0xa0, 0xf0, 0x77, 0x79, 0x3e, 0xf3, 0xb0, 0x6a, 0xef, 0xae, 0x22, 0x1f, 0x02, 0x70, 0xc3, + 0x66, 0x8b, 0x2a, 0xaf, 0xab, 0xa1, 0xb8, 0xfe, 0xbb, 0x7c, 0x58, 0x45, 0x54, 0xb6, 0xa7, 0x3f, + 0x43, 0x97, 0x61, 0x83, 0x5e, 0x8a, 0x97, 0x96, 0xf7, 0xe5, 0xa5, 0x29, 0xb6, 0xd2, 0xb7, 0x37, + 0x5b, 0xb1, 0xff, 0xc2, 0x82, 0x94, 0x9a, 0x85, 0x5a, 0x50, 0xa1, 0xdd, 0xdd, 0x11, 0x3b, 0x74, + 0xa9, 0x38, 0x9d, 0x8e, 0xb2, 0x46, 0xb1, 0xec, 0xd9, 0x4f, 0xcc, 0x09, 0x21, 0x5f, 0xb8, 0xc5, + 0xf0, 0x51, 0xbd, 0x56, 0x1c, 0xc1, 0xcb, 0x61, 0xb8, 0xc9, 0xef, 0xb0, 0xb5, 0x8b, 0x8d, 0xfd, + 0x3c, 0x8c, 0x76, 0x74, 0x8a, 0xbd, 0xa1, 0x18, 0x52, 0xe9, 0x93, 0x59, 0xae, 0x2c, 0x6a, 0x1b, + 0x73, 0x98, 0xfd, 0x75, 0x0b, 0x4e, 0x66, 0x9b, 0x47, 0x6f, 0x58, 0x30, 0x1a, 0x67, 0xdb, 0x3b, + 0xaa, 0xb1, 0x53, 0xae, 0xad, 0x1d, 0x20, 0xdc, 0xd9, 0x09, 0xfb, 0xff, 0x8a, 0xc5, 0x7f, 0xd3, + 0x0b, 0xea, 0xe1, 0x6d, 0xa5, 0x98, 0x58, 0x5d, 0x15, 0x13, 0xba, 0x1f, 0xdd, 0x0d, 0x52, 0x6f, + 0xfb, 0x1d, 0x31, 0xe0, 0x2b, 0xa2, 0x1c, 0x2b, 0x0c, 0x16, 0xf2, 0xda, 0x16, 0x8f, 0x6d, 0x64, + 0x16, 0xe5, 0xac, 0x28, 0xc7, 0x0a, 0x03, 0x3d, 0x0b, 0x43, 0xc6, 0x47, 0xca, 0x75, 0xc9, 0xb4, + 0x7c, 0x43, 0x64, 0xc6, 0x38, 0x85, 0x85, 0x26, 0x00, 0x94, 0x92, 0x23, 0x45, 0x24, 0xb3, 0x76, + 0x29, 0x4e, 0x14, 0x63, 0x03, 0x83, 0x05, 0x98, 0xfb, 0xed, 0x98, 0x5d, 0xe7, 0xf4, 0xeb, 0x04, + 0xd0, 0x33, 0xa2, 0x0c, 0x2b, 0x28, 0xe5, 0x26, 0x4d, 0x27, 0x68, 0x3b, 0x3e, 0x1d, 0x21, 0x71, + 0x7e, 0x55, 0xdb, 0x70, 0x51, 0x41, 0xb0, 0x81, 0x45, 0xbf, 0x38, 0xf1, 0x9a, 0xe4, 0xa5, 0x30, + 0x90, 0x2e, 0x89, 0xfa, 0x86, 0x4f, 0x94, 0x63, 0x85, 0x61, 0xff, 0x37, 0x0b, 0x46, 0x74, 0x66, + 0x0b, 0x76, 0xea, 0x4c, 0x1d, 0xb7, 0xad, 0x7d, 0x8f, 0xdb, 0xe9, 0x38, 0xfe, 0x52, 0x4f, 0x71, + 0xfc, 0x66, 0x88, 0x7d, 0x79, 0xcf, 0x10, 0xfb, 0x1f, 0xd3, 0x2f, 0x71, 0xf3, 0x58, 0xfc, 0xc1, + 0xbc, 0x57, 0xb8, 0x91, 0x0d, 0xfd, 0xae, 0xa3, 0x32, 0x40, 0x0d, 0xf1, 0x03, 0xc9, 0xcc, 0x14, + 0x43, 0x12, 0x10, 0x7b, 0x09, 0x6a, 0xea, 0xa2, 0x4b, 0x9e, 0x7e, 0xad, 0xfc, 0xd3, 0x6f, 0x4f, + 0xa1, 0xbe, 0xd3, 0x6b, 0xdf, 0xfc, 0xfe, 0x63, 0x6f, 0xf9, 0xe3, 0xef, 0x3f, 0xf6, 0x96, 0xef, + 0x7e, 0xff, 0xb1, 0xb7, 0x7c, 0xf4, 0xce, 0x63, 0xd6, 0x37, 0xef, 0x3c, 0x66, 0xfd, 0xf1, 0x9d, + 0xc7, 0xac, 0xef, 0xde, 0x79, 0xcc, 0xfa, 0xde, 0x9d, 0xc7, 0xac, 0xcf, 0xff, 0xe7, 0xc7, 0xde, + 0xf2, 0x52, 0xae, 0x4f, 0x2a, 0xfd, 0xf1, 0xb4, 0x5b, 0x9f, 0xdc, 0xba, 0xc0, 0xdc, 0x22, 0xe9, + 0xf6, 0x9a, 0x34, 0xd6, 0xd4, 0xa4, 0xdc, 0x5e, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x11, 0xf1, + 0x96, 0xdc, 0x9c, 0xed, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -5369,6 +5474,20 @@ func (m *AppProjectSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.DestinationServiceAccounts) > 0 { + for iNdEx := len(m.DestinationServiceAccounts) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.DestinationServiceAccounts[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x72 + } + } i-- if m.PermitOnlyProjectScopedClusters { dAtA[i] = 1 @@ -5727,6 +5846,44 @@ func (m *ApplicationDestination) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } +func (m *ApplicationDestinationServiceAccount) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ApplicationDestinationServiceAccount) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ApplicationDestinationServiceAccount) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.DefaultServiceAccount) + copy(dAtA[i:], m.DefaultServiceAccount) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.DefaultServiceAccount))) + i-- + dAtA[i] = 0x1a + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x12 + i -= len(m.Server) + copy(dAtA[i:], m.Server) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Server))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *ApplicationList) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -7222,6 +7379,25 @@ func (m *ApplicationSourceHelm) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.APIVersions) > 0 { + for iNdEx := len(m.APIVersions) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.APIVersions[iNdEx]) + copy(dAtA[i:], m.APIVersions[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIVersions[iNdEx]))) + i-- + dAtA[i] = 0x6a + } + } + i -= len(m.KubeVersion) + copy(dAtA[i:], m.KubeVersion) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.KubeVersion))) + i-- + dAtA[i] = 0x62 + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x5a if m.ValuesObject != nil { { size, err := m.ValuesObject.MarshalToSizedBuffer(dAtA[:i]) @@ -7393,6 +7569,24 @@ func (m *ApplicationSourceKustomize) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l + if len(m.APIVersions) > 0 { + for iNdEx := len(m.APIVersions) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.APIVersions[iNdEx]) + copy(dAtA[i:], m.APIVersions[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIVersions[iNdEx]))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x8a + } + } + i -= len(m.KubeVersion) + copy(dAtA[i:], m.KubeVersion) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.KubeVersion))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x82 i-- if m.LabelWithoutSelector { dAtA[i] = 1 @@ -7990,6 +8184,9 @@ func (m *ApplicationTree) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i = encodeVarintGenerated(dAtA, i, uint64(m.ShardsCount)) + i-- + dAtA[i] = 0x20 if len(m.Hosts) > 0 { for iNdEx := len(m.Hosts) - 1; iNdEx >= 0; iNdEx-- { { @@ -8151,6 +8348,41 @@ func (m *BasicAuthBitbucketServer) MarshalToSizedBuffer(dAtA []byte) (int, error return len(dAtA) - i, nil } +func (m *BearerTokenBitbucket) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BearerTokenBitbucket) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BearerTokenBitbucket) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.TokenRef != nil { + { + size, err := m.TokenRef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *BearerTokenBitbucketCloud) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -8891,6 +9123,39 @@ func (m *ConfigManagementPlugin) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } +func (m *ConfigMapKeyRef) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ConfigMapKeyRef) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ConfigMapKeyRef) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0x12 + i -= len(m.ConfigMapName) + copy(dAtA[i:], m.ConfigMapName) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ConfigMapName))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *ConnectionState) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -11333,6 +11598,38 @@ func (m *PullRequestGeneratorBitbucketServer) MarshalToSizedBuffer(dAtA []byte) _ = i var l int _ = l + if m.CARef != nil { + { + size, err := m.CARef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + } + i-- + if m.Insecure { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x30 + if m.BearerToken != nil { + { + size, err := m.BearerToken.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + } if m.BasicAuth != nil { { size, err := m.BasicAuth.MarshalToSizedBuffer(dAtA[:i]) @@ -11420,6 +11717,18 @@ func (m *PullRequestGeneratorGitLab) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l + if m.CARef != nil { + { + size, err := m.CARef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + } i-- if m.Insecure { dAtA[i] = 1 @@ -11652,6 +11961,13 @@ func (m *RepoCreds) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i -= len(m.NoProxy) + copy(dAtA[i:], m.NoProxy) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.NoProxy))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xba i-- if m.ForceHttpBasicAuth { dAtA[i] = 1 @@ -11803,6 +12119,13 @@ func (m *Repository) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i -= len(m.NoProxy) + copy(dAtA[i:], m.NoProxy) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.NoProxy))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xba i-- if m.ForceHttpBasicAuth { dAtA[i] = 1 @@ -12249,6 +12572,14 @@ func (m *ResourceActions) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i-- + if m.MergeBuiltinActions { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 if len(m.Definitions) > 0 { for iNdEx := len(m.Definitions) - 1; iNdEx >= 0; iNdEx-- { { @@ -13524,6 +13855,38 @@ func (m *SCMProviderGeneratorBitbucketServer) MarshalToSizedBuffer(dAtA []byte) _ = i var l int _ = l + if m.CARef != nil { + { + size, err := m.CARef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + } + i-- + if m.Insecure { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x30 + if m.BearerToken != nil { + { + size, err := m.BearerToken.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + } i-- if m.AllBranches { dAtA[i] = 1 @@ -13758,6 +14121,18 @@ func (m *SCMProviderGeneratorGitlab) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l + if m.CARef != nil { + { + size, err := m.CARef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x4a + } i -= len(m.Topic) copy(dAtA[i:], m.Topic) i = encodeVarintGenerated(dAtA, i, uint64(len(m.Topic))) @@ -13903,6 +14278,9 @@ func (m *SyncOperation) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i = encodeVarintGenerated(dAtA, i, uint64(m.SelfHealAttemptsCount)) + i-- + dAtA[i] = 0x60 if len(m.Revisions) > 0 { for iNdEx := len(m.Revisions) - 1; iNdEx >= 0; iNdEx-- { i -= len(m.Revisions[iNdEx]) @@ -14713,6 +15091,12 @@ func (m *AppProjectSpec) Size() (n int) { } } n += 2 + if len(m.DestinationServiceAccounts) > 0 { + for _, e := range m.DestinationServiceAccounts { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -14785,6 +15169,21 @@ func (m *ApplicationDestination) Size() (n int) { return n } +func (m *ApplicationDestinationServiceAccount) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Server) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Namespace) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.DefaultServiceAccount) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *ApplicationList) Size() (n int) { if m == nil { return 0 @@ -15372,6 +15771,16 @@ func (m *ApplicationSourceHelm) Size() (n int) { l = m.ValuesObject.Size() n += 1 + l + sovGenerated(uint64(l)) } + l = len(m.Namespace) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.KubeVersion) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.APIVersions) > 0 { + for _, s := range m.APIVersions { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -15461,6 +15870,14 @@ func (m *ApplicationSourceKustomize) Size() (n int) { } } n += 2 + l = len(m.KubeVersion) + n += 2 + l + sovGenerated(uint64(l)) + if len(m.APIVersions) > 0 { + for _, s := range m.APIVersions { + l = len(s) + n += 2 + l + sovGenerated(uint64(l)) + } + } return n } @@ -15654,6 +16071,7 @@ func (m *ApplicationTree) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + n += 1 + sovGenerated(uint64(m.ShardsCount)) return n } @@ -15701,6 +16119,19 @@ func (m *BasicAuthBitbucketServer) Size() (n int) { return n } +func (m *BearerTokenBitbucket) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.TokenRef != nil { + l = m.TokenRef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + func (m *BearerTokenBitbucketCloud) Size() (n int) { if m == nil { return 0 @@ -15968,6 +16399,19 @@ func (m *ConfigManagementPlugin) Size() (n int) { return n } +func (m *ConfigMapKeyRef) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ConfigMapName) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Key) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *ConnectionState) Size() (n int) { if m == nil { return 0 @@ -16900,6 +17344,15 @@ func (m *PullRequestGeneratorBitbucketServer) Size() (n int) { l = m.BasicAuth.Size() n += 1 + l + sovGenerated(uint64(l)) } + if m.BearerToken != nil { + l = m.BearerToken.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + n += 2 + if m.CARef != nil { + l = m.CARef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -16943,6 +17396,10 @@ func (m *PullRequestGeneratorGitLab) Size() (n int) { l = len(m.PullRequestState) n += 1 + l + sovGenerated(uint64(l)) n += 2 + if m.CARef != nil { + l = m.CARef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -17040,6 +17497,8 @@ func (m *RepoCreds) Size() (n int) { l = len(m.Proxy) n += 2 + l + sovGenerated(uint64(l)) n += 3 + l = len(m.NoProxy) + n += 2 + l + sovGenerated(uint64(l)) return n } @@ -17102,6 +17561,8 @@ func (m *Repository) Size() (n int) { l = len(m.GCPServiceAccountKey) n += 2 + l + sovGenerated(uint64(l)) n += 3 + l = len(m.NoProxy) + n += 2 + l + sovGenerated(uint64(l)) return n } @@ -17226,6 +17687,7 @@ func (m *ResourceActions) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + n += 2 return n } @@ -17701,6 +18163,15 @@ func (m *SCMProviderGeneratorBitbucketServer) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } n += 2 + if m.BearerToken != nil { + l = m.BearerToken.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + n += 2 + if m.CARef != nil { + l = m.CARef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -17798,6 +18269,10 @@ func (m *SCMProviderGeneratorGitlab) Size() (n int) { } l = len(m.Topic) n += 1 + l + sovGenerated(uint64(l)) + if m.CARef != nil { + l = m.CARef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -17873,6 +18348,7 @@ func (m *SyncOperation) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + n += 1 + sovGenerated(uint64(m.SelfHealAttemptsCount)) return n } @@ -18189,6 +18665,11 @@ func (this *AppProjectSpec) String() string { repeatedStringForClusterResourceBlacklist += fmt.Sprintf("%v", f) + "," } repeatedStringForClusterResourceBlacklist += "}" + repeatedStringForDestinationServiceAccounts := "[]ApplicationDestinationServiceAccount{" + for _, f := range this.DestinationServiceAccounts { + repeatedStringForDestinationServiceAccounts += strings.Replace(strings.Replace(f.String(), "ApplicationDestinationServiceAccount", "ApplicationDestinationServiceAccount", 1), `&`, ``, 1) + "," + } + repeatedStringForDestinationServiceAccounts += "}" s := strings.Join([]string{`&AppProjectSpec{`, `SourceRepos:` + fmt.Sprintf("%v", this.SourceRepos) + `,`, `Destinations:` + repeatedStringForDestinations + `,`, @@ -18203,6 +18684,7 @@ func (this *AppProjectSpec) String() string { `ClusterResourceBlacklist:` + repeatedStringForClusterResourceBlacklist + `,`, `SourceNamespaces:` + fmt.Sprintf("%v", this.SourceNamespaces) + `,`, `PermitOnlyProjectScopedClusters:` + fmt.Sprintf("%v", this.PermitOnlyProjectScopedClusters) + `,`, + `DestinationServiceAccounts:` + repeatedStringForDestinationServiceAccounts + `,`, `}`, }, "") return s @@ -18264,6 +18746,18 @@ func (this *ApplicationDestination) String() string { }, "") return s } +func (this *ApplicationDestinationServiceAccount) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ApplicationDestinationServiceAccount{`, + `Server:` + fmt.Sprintf("%v", this.Server) + `,`, + `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, + `DefaultServiceAccount:` + fmt.Sprintf("%v", this.DefaultServiceAccount) + `,`, + `}`, + }, "") + return s +} func (this *ApplicationList) String() string { if this == nil { return "nil" @@ -18652,6 +19146,9 @@ func (this *ApplicationSourceHelm) String() string { `IgnoreMissingValueFiles:` + fmt.Sprintf("%v", this.IgnoreMissingValueFiles) + `,`, `SkipCrds:` + fmt.Sprintf("%v", this.SkipCrds) + `,`, `ValuesObject:` + strings.Replace(fmt.Sprintf("%v", this.ValuesObject), "RawExtension", "runtime.RawExtension", 1) + `,`, + `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, + `KubeVersion:` + fmt.Sprintf("%v", this.KubeVersion) + `,`, + `APIVersions:` + fmt.Sprintf("%v", this.APIVersions) + `,`, `}`, }, "") return s @@ -18728,6 +19225,8 @@ func (this *ApplicationSourceKustomize) String() string { `Patches:` + repeatedStringForPatches + `,`, `Components:` + fmt.Sprintf("%v", this.Components) + `,`, `LabelWithoutSelector:` + fmt.Sprintf("%v", this.LabelWithoutSelector) + `,`, + `KubeVersion:` + fmt.Sprintf("%v", this.KubeVersion) + `,`, + `APIVersions:` + fmt.Sprintf("%v", this.APIVersions) + `,`, `}`, }, "") return s @@ -18870,6 +19369,7 @@ func (this *ApplicationTree) String() string { `Nodes:` + repeatedStringForNodes + `,`, `OrphanedNodes:` + repeatedStringForOrphanedNodes + `,`, `Hosts:` + repeatedStringForHosts + `,`, + `ShardsCount:` + fmt.Sprintf("%v", this.ShardsCount) + `,`, `}`, }, "") return s @@ -18908,6 +19408,16 @@ func (this *BasicAuthBitbucketServer) String() string { }, "") return s } +func (this *BearerTokenBitbucket) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&BearerTokenBitbucket{`, + `TokenRef:` + strings.Replace(this.TokenRef.String(), "SecretRef", "SecretRef", 1) + `,`, + `}`, + }, "") + return s +} func (this *BearerTokenBitbucketCloud) String() string { if this == nil { return "nil" @@ -19112,6 +19622,17 @@ func (this *ConfigManagementPlugin) String() string { }, "") return s } +func (this *ConfigMapKeyRef) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ConfigMapKeyRef{`, + `ConfigMapName:` + fmt.Sprintf("%v", this.ConfigMapName) + `,`, + `Key:` + fmt.Sprintf("%v", this.Key) + `,`, + `}`, + }, "") + return s +} func (this *ConnectionState) String() string { if this == nil { return "nil" @@ -19871,6 +20392,9 @@ func (this *PullRequestGeneratorBitbucketServer) String() string { `Repo:` + fmt.Sprintf("%v", this.Repo) + `,`, `API:` + fmt.Sprintf("%v", this.API) + `,`, `BasicAuth:` + strings.Replace(this.BasicAuth.String(), "BasicAuthBitbucketServer", "BasicAuthBitbucketServer", 1) + `,`, + `BearerToken:` + strings.Replace(this.BearerToken.String(), "BearerTokenBitbucket", "BearerTokenBitbucket", 1) + `,`, + `Insecure:` + fmt.Sprintf("%v", this.Insecure) + `,`, + `CARef:` + strings.Replace(this.CARef.String(), "ConfigMapKeyRef", "ConfigMapKeyRef", 1) + `,`, `}`, }, "") return s @@ -19897,6 +20421,7 @@ func (this *PullRequestGeneratorGitLab) String() string { `Labels:` + fmt.Sprintf("%v", this.Labels) + `,`, `PullRequestState:` + fmt.Sprintf("%v", this.PullRequestState) + `,`, `Insecure:` + fmt.Sprintf("%v", this.Insecure) + `,`, + `CARef:` + strings.Replace(this.CARef.String(), "ConfigMapKeyRef", "ConfigMapKeyRef", 1) + `,`, `}`, }, "") return s @@ -19962,6 +20487,7 @@ func (this *RepoCreds) String() string { `GCPServiceAccountKey:` + fmt.Sprintf("%v", this.GCPServiceAccountKey) + `,`, `Proxy:` + fmt.Sprintf("%v", this.Proxy) + `,`, `ForceHttpBasicAuth:` + fmt.Sprintf("%v", this.ForceHttpBasicAuth) + `,`, + `NoProxy:` + fmt.Sprintf("%v", this.NoProxy) + `,`, `}`, }, "") return s @@ -20009,6 +20535,7 @@ func (this *Repository) String() string { `Project:` + fmt.Sprintf("%v", this.Project) + `,`, `GCPServiceAccountKey:` + fmt.Sprintf("%v", this.GCPServiceAccountKey) + `,`, `ForceHttpBasicAuth:` + fmt.Sprintf("%v", this.ForceHttpBasicAuth) + `,`, + `NoProxy:` + fmt.Sprintf("%v", this.NoProxy) + `,`, `}`, }, "") return s @@ -20114,6 +20641,7 @@ func (this *ResourceActions) String() string { s := strings.Join([]string{`&ResourceActions{`, `ActionDiscoveryLua:` + fmt.Sprintf("%v", this.ActionDiscoveryLua) + `,`, `Definitions:` + repeatedStringForDefinitions + `,`, + `MergeBuiltinActions:` + fmt.Sprintf("%v", this.MergeBuiltinActions) + `,`, `}`, }, "") return s @@ -20458,6 +20986,9 @@ func (this *SCMProviderGeneratorBitbucketServer) String() string { `API:` + fmt.Sprintf("%v", this.API) + `,`, `BasicAuth:` + strings.Replace(this.BasicAuth.String(), "BasicAuthBitbucketServer", "BasicAuthBitbucketServer", 1) + `,`, `AllBranches:` + fmt.Sprintf("%v", this.AllBranches) + `,`, + `BearerToken:` + strings.Replace(this.BearerToken.String(), "BearerTokenBitbucket", "BearerTokenBitbucket", 1) + `,`, + `Insecure:` + fmt.Sprintf("%v", this.Insecure) + `,`, + `CARef:` + strings.Replace(this.CARef.String(), "ConfigMapKeyRef", "ConfigMapKeyRef", 1) + `,`, `}`, }, "") return s @@ -20517,6 +21048,7 @@ func (this *SCMProviderGeneratorGitlab) String() string { `Insecure:` + fmt.Sprintf("%v", this.Insecure) + `,`, `IncludeSharedProjects:` + valueToStringGenerated(this.IncludeSharedProjects) + `,`, `Topic:` + fmt.Sprintf("%v", this.Topic) + `,`, + `CARef:` + strings.Replace(this.CARef.String(), "ConfigMapKeyRef", "ConfigMapKeyRef", 1) + `,`, `}`, }, "") return s @@ -20567,6 +21099,7 @@ func (this *SyncOperation) String() string { `SyncOptions:` + fmt.Sprintf("%v", this.SyncOptions) + `,`, `Sources:` + repeatedStringForSources + `,`, `Revisions:` + fmt.Sprintf("%v", this.Revisions) + `,`, + `SelfHealAttemptsCount:` + fmt.Sprintf("%v", this.SelfHealAttemptsCount) + `,`, `}`, }, "") return s @@ -21593,6 +22126,40 @@ func (m *AppProjectSpec) Unmarshal(dAtA []byte) error { } } m.PermitOnlyProjectScopedClusters = bool(v != 0) + case 14: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DestinationServiceAccounts", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DestinationServiceAccounts = append(m.DestinationServiceAccounts, ApplicationDestinationServiceAccount{}) + if err := m.DestinationServiceAccounts[len(m.DestinationServiceAccounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -22274,7 +22841,7 @@ func (m *ApplicationDestination) Unmarshal(dAtA []byte) error { } return nil } -func (m *ApplicationList) Unmarshal(dAtA []byte) error { +func (m *ApplicationDestinationServiceAccount) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -22297,17 +22864,17 @@ func (m *ApplicationList) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ApplicationList: wiretype end group for non-group") + return fmt.Errorf("proto: ApplicationDestinationServiceAccount: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationList: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ApplicationDestinationServiceAccount: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -22317,30 +22884,29 @@ func (m *ApplicationList) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Server = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -22350,79 +22916,226 @@ func (m *ApplicationList) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.Items = append(m.Items, Application{}) - if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ApplicationMatchExpression) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationMatchExpression: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationMatchExpression: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DefaultServiceAccount", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DefaultServiceAccount = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ApplicationList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, Application{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ApplicationMatchExpression) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationMatchExpression: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationMatchExpression: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -27064,61 +27777,11 @@ func (m *ApplicationSourceHelm) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ApplicationSourceJsonnet) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSourceJsonnet: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSourceJsonnet: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 11: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ExtVars", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -27128,31 +27791,29 @@ func (m *ApplicationSourceJsonnet) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.ExtVars = append(m.ExtVars, JsonnetVar{}) - if err := m.ExtVars[len(m.ExtVars)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.Namespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 12: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TLAs", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubeVersion", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -27162,29 +27823,177 @@ func (m *ApplicationSourceJsonnet) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.TLAs = append(m.TLAs, JsonnetVar{}) - if err := m.TLAs[len(m.TLAs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.KubeVersion = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 13: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Libs", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field APIVersions", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.APIVersions = append(m.APIVersions, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ApplicationSourceJsonnet) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationSourceJsonnet: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationSourceJsonnet: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ExtVars", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ExtVars = append(m.ExtVars, JsonnetVar{}) + if err := m.ExtVars[len(m.ExtVars)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TLAs", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TLAs = append(m.TLAs, JsonnetVar{}) + if err := m.TLAs[len(m.TLAs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Libs", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -27878,59 +28687,9 @@ func (m *ApplicationSourceKustomize) Unmarshal(dAtA []byte) error { } } m.LabelWithoutSelector = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ApplicationSourcePlugin) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSourcePlugin: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSourcePlugin: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 16: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field KubeVersion", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -27958,47 +28717,13 @@ func (m *ApplicationSourcePlugin) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Env", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Env = append(m.Env, &EnvEntry{}) - if err := m.Env[len(m.Env)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.KubeVersion = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 17: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field APIVersions", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -28008,25 +28733,23 @@ func (m *ApplicationSourcePlugin) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.Parameters = append(m.Parameters, ApplicationSourcePluginParameter{}) - if err := m.Parameters[len(m.Parameters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.APIVersions = append(m.APIVersions, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -28049,7 +28772,157 @@ func (m *ApplicationSourcePlugin) Unmarshal(dAtA []byte) error { } return nil } -func (m *ApplicationSourcePluginParameter) Unmarshal(dAtA []byte) error { +func (m *ApplicationSourcePlugin) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationSourcePlugin: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationSourcePlugin: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Env", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Env = append(m.Env, &EnvEntry{}) + if err := m.Env[len(m.Env)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Parameters", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Parameters = append(m.Parameters, ApplicationSourcePluginParameter{}) + if err := m.Parameters[len(m.Parameters)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ApplicationSourcePluginParameter) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29277,6 +30150,25 @@ func (m *ApplicationTree) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ShardsCount", wireType) + } + m.ShardsCount = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ShardsCount |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -29665,7 +30557,7 @@ func (m *BasicAuthBitbucketServer) Unmarshal(dAtA []byte) error { } return nil } -func (m *BearerTokenBitbucketCloud) Unmarshal(dAtA []byte) error { +func (m *BearerTokenBitbucket) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29688,10 +30580,10 @@ func (m *BearerTokenBitbucketCloud) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: BearerTokenBitbucketCloud: wiretype end group for non-group") + return fmt.Errorf("proto: BearerTokenBitbucket: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: BearerTokenBitbucketCloud: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: BearerTokenBitbucket: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -29751,7 +30643,7 @@ func (m *BearerTokenBitbucketCloud) Unmarshal(dAtA []byte) error { } return nil } -func (m *ChartDetails) Unmarshal(dAtA []byte) error { +func (m *BearerTokenBitbucketCloud) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29774,49 +30666,17 @@ func (m *ChartDetails) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ChartDetails: wiretype end group for non-group") + return fmt.Errorf("proto: BearerTokenBitbucketCloud: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ChartDetails: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: BearerTokenBitbucketCloud: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Description = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Home", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TokenRef", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -29826,55 +30686,27 @@ func (m *ChartDetails) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.Home = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Maintainers", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated + if m.TokenRef == nil { + m.TokenRef = &SecretRef{} } - if postIndex > l { - return io.ErrUnexpectedEOF + if err := m.TokenRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err } - m.Maintainers = append(m.Maintainers, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex default: iNdEx = preIndex @@ -29897,7 +30729,7 @@ func (m *ChartDetails) Unmarshal(dAtA []byte) error { } return nil } -func (m *Cluster) Unmarshal(dAtA []byte) error { +func (m *ChartDetails) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -29920,15 +30752,161 @@ func (m *Cluster) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: Cluster: wiretype end group for non-group") + return fmt.Errorf("proto: ChartDetails: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: Cluster: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ChartDetails: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Description = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Home", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Home = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Maintainers", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Maintainers = append(m.Maintainers, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Cluster) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Cluster: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Cluster: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Server", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -32137,6 +33115,120 @@ func (m *ConfigManagementPlugin) Unmarshal(dAtA []byte) error { } return nil } +func (m *ConfigMapKeyRef) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ConfigMapKeyRef: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ConfigMapKeyRef: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConfigMapName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ConfigMapName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ConnectionState) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -39799,9 +40891,223 @@ func (m *PullRequestGeneratorAzureDevOps) Unmarshal(dAtA []byte) error { } m.API = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 5: + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TokenRef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.TokenRef == nil { + m.TokenRef = &SecretRef{} + } + if err := m.TokenRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Labels = append(m.Labels, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PullRequestGeneratorBitbucket) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PullRequestGeneratorBitbucket: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PullRequestGeneratorBitbucket: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Owner = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Repo", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Repo = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field API", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.API = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenRef", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BasicAuth", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -39828,18 +41134,18 @@ func (m *PullRequestGeneratorAzureDevOps) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.TokenRef == nil { - m.TokenRef = &SecretRef{} + if m.BasicAuth == nil { + m.BasicAuth = &BasicAuthBitbucketServer{} } - if err := m.TokenRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.BasicAuth.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 6: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BearerToken", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -39849,23 +41155,27 @@ func (m *PullRequestGeneratorAzureDevOps) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.Labels = append(m.Labels, string(dAtA[iNdEx:postIndex])) + if m.BearerToken == nil { + m.BearerToken = &BearerTokenBitbucketCloud{} + } + if err := m.BearerToken.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -39888,7 +41198,7 @@ func (m *PullRequestGeneratorAzureDevOps) Unmarshal(dAtA []byte) error { } return nil } -func (m *PullRequestGeneratorBitbucket) Unmarshal(dAtA []byte) error { +func (m *PullRequestGeneratorBitbucketServer) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -39911,15 +41221,15 @@ func (m *PullRequestGeneratorBitbucket) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PullRequestGeneratorBitbucket: wiretype end group for non-group") + return fmt.Errorf("proto: PullRequestGeneratorBitbucketServer: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PullRequestGeneratorBitbucket: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PullRequestGeneratorBitbucketServer: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -39947,7 +41257,7 @@ func (m *PullRequestGeneratorBitbucket) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Owner = string(dAtA[iNdEx:postIndex]) + m.Project = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { @@ -40079,12 +41389,68 @@ func (m *PullRequestGeneratorBitbucket) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.BearerToken == nil { - m.BearerToken = &BearerTokenBitbucketCloud{} + m.BearerToken = &BearerTokenBitbucket{} } if err := m.BearerToken.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Insecure", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Insecure = bool(v != 0) + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CARef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.CARef == nil { + m.CARef = &ConfigMapKeyRef{} + } + if err := m.CARef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -40106,7 +41472,7 @@ func (m *PullRequestGeneratorBitbucket) Unmarshal(dAtA []byte) error { } return nil } -func (m *PullRequestGeneratorBitbucketServer) Unmarshal(dAtA []byte) error { +func (m *PullRequestGeneratorFilter) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40129,15 +41495,15 @@ func (m *PullRequestGeneratorBitbucketServer) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PullRequestGeneratorBitbucketServer: wiretype end group for non-group") + return fmt.Errorf("proto: PullRequestGeneratorFilter: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PullRequestGeneratorBitbucketServer: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PullRequestGeneratorFilter: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field BranchMatch", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -40165,43 +41531,12 @@ func (m *PullRequestGeneratorBitbucketServer) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Project = string(dAtA[iNdEx:postIndex]) + s := string(dAtA[iNdEx:postIndex]) + m.BranchMatch = &s iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Repo", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Repo = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field API", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TargetBranchMatch", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -40229,43 +41564,8 @@ func (m *PullRequestGeneratorBitbucketServer) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.API = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BasicAuth", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.BasicAuth == nil { - m.BasicAuth = &BasicAuthBitbucketServer{} - } - if err := m.BasicAuth.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + s := string(dAtA[iNdEx:postIndex]) + m.TargetBranchMatch = &s iNdEx = postIndex default: iNdEx = preIndex @@ -40288,7 +41588,7 @@ func (m *PullRequestGeneratorBitbucketServer) Unmarshal(dAtA []byte) error { } return nil } -func (m *PullRequestGeneratorFilter) Unmarshal(dAtA []byte) error { +func (m *PullRequestGeneratorGitLab) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -40311,15 +41611,15 @@ func (m *PullRequestGeneratorFilter) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: PullRequestGeneratorFilter: wiretype end group for non-group") + return fmt.Errorf("proto: PullRequestGeneratorGitLab: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: PullRequestGeneratorFilter: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: PullRequestGeneratorGitLab: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field BranchMatch", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -40347,12 +41647,79 @@ func (m *PullRequestGeneratorFilter) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - s := string(dAtA[iNdEx:postIndex]) - m.BranchMatch = &s + m.Project = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TargetBranchMatch", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field API", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.API = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TokenRef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.TokenRef == nil { + m.TokenRef = &SecretRef{} + } + if err := m.TokenRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -40380,62 +41747,11 @@ func (m *PullRequestGeneratorFilter) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - s := string(dAtA[iNdEx:postIndex]) - m.TargetBranchMatch = &s + m.Labels = append(m.Labels, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *PullRequestGeneratorGitLab) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: PullRequestGeneratorGitLab: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: PullRequestGeneratorGitLab: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field PullRequestState", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -40463,13 +41779,13 @@ func (m *PullRequestGeneratorGitLab) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Project = string(dAtA[iNdEx:postIndex]) + m.PullRequestState = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field API", wireType) + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Insecure", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -40479,27 +41795,15 @@ func (m *PullRequestGeneratorGitLab) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.API = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: + m.Insecure = bool(v != 0) + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TokenRef", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CARef", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -40526,97 +41830,13 @@ func (m *PullRequestGeneratorGitLab) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if m.TokenRef == nil { - m.TokenRef = &SecretRef{} + if m.CARef == nil { + m.CARef = &ConfigMapKeyRef{} } - if err := m.TokenRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.CARef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Labels = append(m.Labels, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PullRequestState", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PullRequestState = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Insecure", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Insecure = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -41554,31 +42774,95 @@ func (m *RepoCreds) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.GitHubAppEnterpriseBaseURL = string(dAtA[iNdEx:postIndex]) + m.GitHubAppEnterpriseBaseURL = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 11: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field EnableOCI", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.EnableOCI = bool(v != 0) + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Type = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field GCPServiceAccountKey", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.GCPServiceAccountKey = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 11: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field EnableOCI", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.EnableOCI = bool(v != 0) - case 12: + case 19: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Proxy", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -41606,13 +42890,13 @@ func (m *RepoCreds) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Type = string(dAtA[iNdEx:postIndex]) + m.Proxy = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field GCPServiceAccountKey", wireType) + case 20: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ForceHttpBasicAuth", wireType) } - var stringLen uint64 + var v int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -41622,27 +42906,15 @@ func (m *RepoCreds) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + v |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.GCPServiceAccountKey = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 19: + m.ForceHttpBasicAuth = bool(v != 0) + case 23: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Proxy", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NoProxy", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -41670,28 +42942,8 @@ func (m *RepoCreds) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Proxy = string(dAtA[iNdEx:postIndex]) + m.NoProxy = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 20: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ForceHttpBasicAuth", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.ForceHttpBasicAuth = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -42466,6 +43718,38 @@ func (m *Repository) Unmarshal(dAtA []byte) error { } } m.ForceHttpBasicAuth = bool(v != 0) + case 23: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field NoProxy", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.NoProxy = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -43520,6 +44804,26 @@ func (m *ResourceActions) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field MergeBuiltinActions", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.MergeBuiltinActions = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -48244,6 +49548,98 @@ func (m *SCMProviderGeneratorBitbucketServer) Unmarshal(dAtA []byte) error { } } m.AllBranches = bool(v != 0) + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field BearerToken", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.BearerToken == nil { + m.BearerToken = &BearerTokenBitbucket{} + } + if err := m.BearerToken.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Insecure", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Insecure = bool(v != 0) + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CARef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.CARef == nil { + m.CARef = &ConfigMapKeyRef{} + } + if err := m.CARef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -49112,6 +50508,42 @@ func (m *SCMProviderGeneratorGitlab) Unmarshal(dAtA []byte) error { } m.Topic = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CARef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.CARef == nil { + m.CARef = &ConfigMapKeyRef{} + } + if err := m.CARef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -49666,6 +51098,25 @@ func (m *SyncOperation) Unmarshal(dAtA []byte) error { } m.Revisions = append(m.Revisions, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 12: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field SelfHealAttemptsCount", wireType) + } + m.SelfHealAttemptsCount = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.SelfHealAttemptsCount |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 36fd035929379..b2bba4d83cb80 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -38,7 +38,7 @@ message AWSAuthConfig { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:path=appprojects,shortName=appproj;appprojs message AppProject { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; optional AppProjectSpec spec = 2; @@ -48,7 +48,7 @@ message AppProject { // AppProjectList is list of AppProject resources // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object message AppProjectList { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated AppProject items = 2; } @@ -68,10 +68,10 @@ message AppProjectSpec { repeated ProjectRole roles = 4; // ClusterResourceWhitelist contains list of whitelisted cluster level resources - repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind clusterResourceWhitelist = 5; + repeated .k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind clusterResourceWhitelist = 5; // NamespaceResourceBlacklist contains list of blacklisted namespace level resources - repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceBlacklist = 6; + repeated .k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceBlacklist = 6; // OrphanedResources specifies if controller should monitor orphaned resources of apps in this project optional OrphanedResourcesMonitorSettings orphanedResources = 7; @@ -80,19 +80,22 @@ message AppProjectSpec { repeated SyncWindow syncWindows = 8; // NamespaceResourceWhitelist contains list of whitelisted namespace level resources - repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceWhitelist = 9; + repeated .k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceWhitelist = 9; // SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync repeated SignatureKey signatureKeys = 10; // ClusterResourceBlacklist contains list of blacklisted cluster level resources - repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind clusterResourceBlacklist = 11; + repeated .k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind clusterResourceBlacklist = 11; // SourceNamespaces defines the namespaces application resources are allowed to be created in repeated string sourceNamespaces = 12; // PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped optional bool permitOnlyProjectScopedClusters = 13; + + // DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination. + repeated ApplicationDestinationServiceAccount destinationServiceAccounts = 14; } // AppProjectStatus contains status information for AppProject CRs @@ -111,7 +114,7 @@ message AppProjectStatus { // +kubebuilder:printcolumn:name="Revision",type=string,JSONPath=`.status.sync.revision`,priority=10 // +kubebuilder:printcolumn:name="Project",type=string,JSONPath=`.spec.project`,priority=10 message Application { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; optional ApplicationSpec spec = 2; @@ -129,7 +132,7 @@ message ApplicationCondition { optional string message = 2; // LastTransitionTime is the time the condition was last observed - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; } // ApplicationDestination holds information about the application's destination @@ -145,10 +148,22 @@ message ApplicationDestination { optional string name = 3; } +// ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation. +message ApplicationDestinationServiceAccount { + // Server specifies the URL of the target cluster's Kubernetes control plane API. + optional string server = 1; + + // Namespace specifies the target namespace for the application's resources. + optional string namespace = 2; + + // DefaultServiceAccount to be used for impersonation during the sync operation + optional string defaultServiceAccount = 3; +} + // ApplicationList is list of Application resources // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object message ApplicationList { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated Application items = 2; } @@ -174,7 +189,7 @@ message ApplicationPreservedFields { // +kubebuilder:resource:path=applicationsets,shortName=appset;appsets // +kubebuilder:subresource:status message ApplicationSet { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; optional ApplicationSetSpec spec = 2; @@ -187,7 +202,7 @@ message ApplicationSetApplicationStatus { optional string application = 1; // LastTransitionTime is the time the status was last updated - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 2; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 2; // Message contains human-readable message indicating details about the status optional string message = 3; @@ -211,7 +226,7 @@ message ApplicationSetCondition { optional string message = 2; // LastTransitionTime is the time the condition was last observed - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; // True/False/Unknown optional string status = 4; @@ -239,7 +254,7 @@ message ApplicationSetGenerator { optional MergeGenerator merge = 8; // Selector allows to post-filter all generator. - optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9; optional PluginGenerator plugin = 10; } @@ -248,7 +263,7 @@ message ApplicationSetGenerator { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true message ApplicationSetList { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated ApplicationSet items = 2; } @@ -269,13 +284,13 @@ message ApplicationSetNestedGenerator { optional PullRequestGenerator pullRequest = 6; // Matrix should have the form of NestedMatrixGenerator - optional k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON matrix = 7; + optional .k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON matrix = 7; // Merge should have the form of NestedMergeGenerator - optional k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON merge = 8; + optional .k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON merge = 8; // Selector allows to post-filter all generator. - optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9; optional PluginGenerator plugin = 10; } @@ -296,7 +311,7 @@ message ApplicationSetResourceIgnoreDifferences { message ApplicationSetRolloutStep { repeated ApplicationMatchExpression matchExpressions = 1; - optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUpdate = 2; + optional .k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUpdate = 2; } message ApplicationSetRolloutStrategy { @@ -399,7 +414,7 @@ message ApplicationSetTerminalGenerator { optional PluginGenerator plugin = 7; // Selector allows to post-filter all generator. - optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8; } // ApplicationSetTree holds nodes which belongs to the application @@ -488,7 +503,18 @@ message ApplicationSourceHelm { // ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values. // +kubebuilder:pruning:PreserveUnknownFields - optional k8s.io.apimachinery.pkg.runtime.RawExtension valuesObject = 10; + optional .k8s.io.apimachinery.pkg.runtime.RawExtension valuesObject = 10; + + // Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + optional string namespace = 11; + + // KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + // uses the Kubernetes version of the target cluster. + optional string kubeVersion = 12; + + // APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + // Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + repeated string apiVersions = 13; } // ApplicationSourceJsonnet holds options specific to applications of type Jsonnet @@ -549,6 +575,14 @@ message ApplicationSourceKustomize { // LabelWithoutSelector specifies whether to apply common labels to resource selectors or not optional bool labelWithoutSelector = 15; + + // KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + // uses the Kubernetes version of the target cluster. + optional string kubeVersion = 16; + + // APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + // Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + repeated string apiVersions = 17; } // ApplicationSourcePlugin holds options specific to config management plugins @@ -624,14 +658,14 @@ message ApplicationStatus { repeated ApplicationCondition conditions = 5; // ReconciledAt indicates when the application state was reconciled using the latest git version - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time reconciledAt = 6; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time reconciledAt = 6; // OperationState contains information about any ongoing operations, such as a sync optional OperationState operationState = 7; // ObservedAt indicates when the application state was updated without querying latest git state // Deprecated: controller no longer updates ObservedAt field - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time observedAt = 8; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time observedAt = 8; // SourceType specifies the type of this application optional string sourceType = 9; @@ -669,6 +703,9 @@ message ApplicationTree { // Hosts holds list of Kubernetes nodes that run application related pods repeated HostInfo hosts = 3; + + // ShardsCount contains total number of shards the application tree is split into + optional int64 shardsCount = 4; } // ApplicationWatchEvent contains information about application change. @@ -704,6 +741,12 @@ message BasicAuthBitbucketServer { optional SecretRef passwordRef = 2; } +// BearerTokenBitbucket defines the Bearer token for BitBucket AppToken auth. +message BearerTokenBitbucket { + // Password (or personal access token) reference. + optional SecretRef tokenRef = 1; +} + // BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth. message BearerTokenBitbucketCloud { // Password (or personal access token) reference. @@ -744,7 +787,7 @@ message Cluster { repeated string namespaces = 6; // RefreshRequestedAt holds time when cluster cache refresh has been requested - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time refreshRequestedAt = 7; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time refreshRequestedAt = 7; // Info holds information about cluster cache and state optional ClusterInfo info = 8; @@ -774,7 +817,7 @@ message ClusterCacheInfo { optional int64 apisCount = 2; // LastCacheSyncTime holds time of most recent cache synchronization - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastCacheSyncTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastCacheSyncTime = 3; } // ClusterConfig is the configuration attributes. This structure is subset of the go-client @@ -811,7 +854,7 @@ message ClusterGenerator { // Selector defines a label selector to match against all clusters registered with ArgoCD. // Clusters today are stored as Kubernetes Secrets, thus the Secret labels will be used // for matching the selector. - optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1; optional ApplicationSetTemplate template = 2; @@ -839,7 +882,7 @@ message ClusterInfo { // ClusterList is a collection of Clusters. message ClusterList { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated Cluster items = 2; } @@ -886,6 +929,13 @@ message ConfigManagementPlugin { optional bool lockRepo = 4; } +// Utility struct for a reference to a configmap key. +message ConfigMapKeyRef { + optional string configMapName = 1; + + optional string key = 2; +} + // ConnectionState contains information about remote resource connection state, currently used for clusters and repositories message ConnectionState { // Status contains the current status indicator for the connection @@ -895,7 +945,7 @@ message ConnectionState { optional string message = 2; // ModifiedAt contains the timestamp when this connection status has been determined - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time attemptedAt = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time attemptedAt = 3; } // DuckType defines a generator to match against clusters registered with ArgoCD. @@ -910,7 +960,7 @@ message DuckTypeGenerator { optional int64 requeueAfterSeconds = 3; - optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 4; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 4; optional ApplicationSetTemplate template = 5; @@ -1001,7 +1051,7 @@ message GnuPGPublicKey { // GnuPGPublicKeyList is a collection of GnuPGPublicKey objects message GnuPGPublicKeyList { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated GnuPGPublicKey items = 2; } @@ -1049,7 +1099,7 @@ message HostInfo { repeated HostResourceInfo resourcesInfo = 2; - optional k8s.io.api.core.v1.NodeSystemInfo systemInfo = 3; + optional .k8s.io.api.core.v1.NodeSystemInfo systemInfo = 3; } // TODO: describe this type @@ -1144,7 +1194,7 @@ message KustomizeReplica { optional string name = 1; // Number of replicas - optional k8s.io.apimachinery.pkg.util.intstr.IntOrString count = 2; + optional .k8s.io.apimachinery.pkg.util.intstr.IntOrString count = 2; } message KustomizeResId { @@ -1166,7 +1216,7 @@ message KustomizeSelector { // ListGenerator include items info message ListGenerator { // +kubebuilder:validation:Optional - repeated k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON elements = 1; + repeated .k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON elements = 1; optional ApplicationSetTemplate template = 2; @@ -1268,10 +1318,10 @@ message OperationState { optional SyncOperationResult syncResult = 4; // StartedAt contains time of operation start - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 6; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 6; // FinishedAt contains time of operation completion - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7; // RetryCount contains time of operation retries optional int64 retryCount = 8; @@ -1345,7 +1395,7 @@ message PluginGenerator { message PluginInput { // Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the // values can be any type. - map parameters = 1; + map parameters = 1; } // ProjectRole represents a role that has access to a project @@ -1443,6 +1493,15 @@ message PullRequestGeneratorBitbucketServer { // Credentials for Basic auth optional BasicAuthBitbucketServer basicAuth = 4; + + // Credentials for AccessToken (Bearer auth) + optional BearerTokenBitbucket bearerToken = 5; + + // Allow self-signed TLS / Certificates; default: false + optional bool insecure = 6; + + // ConfigMap key holding the trusted certificates + optional ConfigMapKeyRef caRef = 7; } // PullRequestGeneratorFilter is a single pull request filter. @@ -1473,6 +1532,9 @@ message PullRequestGeneratorGitLab { // Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false optional bool insecure = 6; + + // ConfigMap key holding the trusted certificates + optional ConfigMapKeyRef caRef = 7; } // PullRequestGeneratorGitea defines connection info specific to Gitea. @@ -1568,11 +1630,14 @@ message RepoCreds { // ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections optional bool forceHttpBasicAuth = 20; + + // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied + optional string noProxy = 23; } // RepositoryList is a collection of Repositories. message RepoCredsList { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated RepoCreds items = 2; } @@ -1645,6 +1710,9 @@ message Repository { // ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections optional bool forceHttpBasicAuth = 22; + + // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied + optional string noProxy = 23; } // A RepositoryCertificate is either SSH known hosts entry or TLS certificate @@ -1667,7 +1735,7 @@ message RepositoryCertificate { // RepositoryCertificateList is a collection of RepositoryCertificates message RepositoryCertificateList { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // List of certificates to be processed repeated RepositoryCertificate items = 2; @@ -1675,7 +1743,7 @@ message RepositoryCertificateList { // RepositoryList is a collection of Repositories. message RepositoryList { - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated Repository items = 2; } @@ -1720,6 +1788,8 @@ message ResourceActions { optional string actionDiscoveryLua = 1; repeated ResourceActionDefinition definitions = 2; + + optional bool mergeBuiltinActions = 3; } // ResourceDiff holds the diff of a live and target resource object @@ -1784,7 +1854,7 @@ message ResourceNetworkingInfo { map labels = 3; - repeated k8s.io.api.core.v1.LoadBalancerIngress ingress = 4; + repeated .k8s.io.api.core.v1.LoadBalancerIngress ingress = 4; // ExternalURLs holds list of URLs which should be available externally. List is populated for ingress resources using rules hostnames. repeated string externalURLs = 5; @@ -1807,7 +1877,7 @@ message ResourceNode { optional HealthStatus health = 7; - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time createdAt = 8; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time createdAt = 8; // available for managed resource map labels = 9; @@ -1920,7 +1990,7 @@ message RevisionHistory { optional string revision = 2; // DeployedAt holds the time the sync operation completed - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time deployedAt = 4; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time deployedAt = 4; // ID is an auto incrementing identifier of the RevisionHistory optional int64 id = 5; @@ -1929,7 +1999,7 @@ message RevisionHistory { optional ApplicationSource source = 6; // DeployStartedAt holds the time the sync operation started - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time deployStartedAt = 7; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time deployStartedAt = 7; // Sources is a reference to the application sources used for the sync operation repeated ApplicationSource sources = 8; @@ -1949,7 +2019,7 @@ message RevisionMetadata { optional string author = 1; // Date specifies when the revision was authored - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time date = 2; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time date = 2; // Tags specifies any tags currently attached to the revision // Floating tags can move from one revision to another @@ -2058,6 +2128,15 @@ message SCMProviderGeneratorBitbucketServer { // Scan all branches instead of just the default branch. optional bool allBranches = 4; + + // Credentials for AccessToken (Bearer auth) + optional BearerTokenBitbucket bearerToken = 5; + + // Allow self-signed TLS / Certificates; default: false + optional bool insecure = 6; + + // ConfigMap key holding the trusted certificates + optional ConfigMapKeyRef caRef = 7; } // SCMProviderGeneratorFilter is a single repository filter. @@ -2141,6 +2220,9 @@ message SCMProviderGeneratorGitlab { // Filter repos list based on Gitlab Topic. optional string topic = 8; + + // ConfigMap key holding the trusted certificates + optional ConfigMapKeyRef caRef = 9; } // Utility struct for a reference to a secret key. @@ -2191,6 +2273,9 @@ message SyncOperation { // Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to // If omitted, will use the revision specified in app spec. repeated string revisions = 11; + + // SelfHealAttemptsCount contains the number of auto-heal attempts + optional int64 autoHealAttemptsCount = 12; } // SyncOperationResource contains resources to sync. @@ -2258,7 +2343,6 @@ message SyncStatus { optional string status = 1; // ComparedTo contains information about what has been compared - // +patchStrategy=replace optional ComparedTo comparedTo = 2; // Revision contains information about the revision the comparison has been performed to diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index af8a52358df17..1b2533532bc0e 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -22,6 +22,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Application": schema_pkg_apis_application_v1alpha1_Application(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationCondition": schema_pkg_apis_application_v1alpha1_ApplicationCondition(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestination": schema_pkg_apis_application_v1alpha1_ApplicationDestination(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestinationServiceAccount": schema_pkg_apis_application_v1alpha1_ApplicationDestinationServiceAccount(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationList": schema_pkg_apis_application_v1alpha1_ApplicationList(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationMatchExpression": schema_pkg_apis_application_v1alpha1_ApplicationMatchExpression(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationPreservedFields": schema_pkg_apis_application_v1alpha1_ApplicationPreservedFields(ref), @@ -56,6 +57,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationWatchEvent": schema_pkg_apis_application_v1alpha1_ApplicationWatchEvent(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Backoff": schema_pkg_apis_application_v1alpha1_Backoff(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer": schema_pkg_apis_application_v1alpha1_BasicAuthBitbucketServer(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucket": schema_pkg_apis_application_v1alpha1_BearerTokenBitbucket(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucketCloud": schema_pkg_apis_application_v1alpha1_BearerTokenBitbucketCloud(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ChartDetails": schema_pkg_apis_application_v1alpha1_ChartDetails(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Cluster": schema_pkg_apis_application_v1alpha1_Cluster(ref), @@ -68,6 +70,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ComparedTo": schema_pkg_apis_application_v1alpha1_ComparedTo(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ComponentParameter": schema_pkg_apis_application_v1alpha1_ComponentParameter(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigManagementPlugin": schema_pkg_apis_application_v1alpha1_ConfigManagementPlugin(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef": schema_pkg_apis_application_v1alpha1_ConfigMapKeyRef(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConnectionState": schema_pkg_apis_application_v1alpha1_ConnectionState(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator": schema_pkg_apis_application_v1alpha1_DuckTypeGenerator(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.EnvEntry": schema_pkg_apis_application_v1alpha1_EnvEntry(ref), @@ -471,11 +474,25 @@ func schema_pkg_apis_application_v1alpha1_AppProjectSpec(ref common.ReferenceCal Format: "", }, }, + "destinationServiceAccounts": { + SchemaProps: spec.SchemaProps{ + Description: "DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestinationServiceAccount"), + }, + }, + }, + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestination", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OrphanedResourcesMonitorSettings", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ProjectRole", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SignatureKey", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncWindow", "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestination", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestinationServiceAccount", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OrphanedResourcesMonitorSettings", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ProjectRole", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SignatureKey", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncWindow", "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind"}, } } @@ -634,6 +651,40 @@ func schema_pkg_apis_application_v1alpha1_ApplicationDestination(ref common.Refe } } +func schema_pkg_apis_application_v1alpha1_ApplicationDestinationServiceAccount(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "server": { + SchemaProps: spec.SchemaProps{ + Description: "Server specifies the URL of the target cluster's Kubernetes control plane API.", + Type: []string{"string"}, + Format: "", + }, + }, + "namespace": { + SchemaProps: spec.SchemaProps{ + Description: "Namespace specifies the target namespace for the application's resources.", + Type: []string{"string"}, + Format: "", + }, + }, + "defaultServiceAccount": { + SchemaProps: spec.SchemaProps{ + Description: "ServiceAccountName to be used for impersonation during the sync operation", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_ApplicationList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -1833,6 +1884,35 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSourceHelm(ref common.Refer Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, + "namespace": { + SchemaProps: spec.SchemaProps{ + Description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + Type: []string{"string"}, + Format: "", + }, + }, + "kubeVersion": { + SchemaProps: spec.SchemaProps{ + Description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster.", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersions": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, }, }, @@ -1988,13 +2068,6 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSourceKustomize(ref common. Format: "", }, }, - "forceNamespace": { - SchemaProps: spec.SchemaProps{ - Description: "ForceNamespace if true, will use the application's destination namespace as a kustomization file namespace", - Type: []string{"boolean"}, - Format: "", - }, - }, "namespace": { SchemaProps: spec.SchemaProps{ Description: "Namespace sets the namespace that Kustomize adds to all resources", @@ -2059,6 +2132,28 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSourceKustomize(ref common. Format: "", }, }, + "kubeVersion": { + SchemaProps: spec.SchemaProps{ + Description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster.", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersions": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, }, }, @@ -2557,6 +2652,28 @@ func schema_pkg_apis_application_v1alpha1_BasicAuthBitbucketServer(ref common.Re } } +func schema_pkg_apis_application_v1alpha1_BearerTokenBitbucket(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "BearerTokenBitbucket defines the Bearer token for BitBucket AppToken auth.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "tokenRef": { + SchemaProps: spec.SchemaProps{ + Description: "Password (or personal access token) reference.", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"), + }, + }, + }, + Required: []string{"tokenRef"}, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"}, + } +} + func schema_pkg_apis_application_v1alpha1_BearerTokenBitbucketCloud(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -2835,20 +2952,6 @@ func schema_pkg_apis_application_v1alpha1_ClusterConfig(ref common.ReferenceCall Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ExecProviderConfig"), }, }, - "disableCompression": { - SchemaProps: spec.SchemaProps{ - Description: "DisableCompression bypasses automatic GZip compression requests to the server.", - Type: []string{"boolean"}, - Format: "", - }, - }, - "proxyUrl": { - SchemaProps: spec.SchemaProps{ - Description: "ProxyURL is the URL to the proxy to be used for all requests send to the server", - Type: []string{"string"}, - Format: "", - }, - }, }, Required: []string{"tlsClientConfig"}, }, @@ -3170,6 +3273,34 @@ func schema_pkg_apis_application_v1alpha1_ConfigManagementPlugin(ref common.Refe } } +func schema_pkg_apis_application_v1alpha1_ConfigMapKeyRef(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Utility struct for a reference to a configmap key.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "configMapName": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"configMapName", "key"}, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_ConnectionState(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -4047,15 +4178,8 @@ func schema_pkg_apis_application_v1alpha1_KustomizeOptions(ref common.ReferenceC Format: "", }, }, - "SetNamespace": { - SchemaProps: spec.SchemaProps{ - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, }, - Required: []string{"BuildOptions", "BinaryPath", "SetNamespace"}, + Required: []string{"BuildOptions", "BinaryPath"}, }, }, } @@ -5200,12 +5324,31 @@ func schema_pkg_apis_application_v1alpha1_PullRequestGeneratorBitbucketServer(re Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer"), }, }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "Credentials for AccessToken (Bearer auth)", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucket"), + }, + }, + "insecure": { + SchemaProps: spec.SchemaProps{ + Description: "Allow self-signed TLS / Certificates; default: false", + Type: []string{"boolean"}, + Format: "", + }, + }, + "caRef": { + SchemaProps: spec.SchemaProps{ + Description: "ConfigMap key holding the trusted certificates", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef"), + }, + }, }, Required: []string{"project", "repo", "api"}, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucket", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef"}, } } @@ -5291,12 +5434,18 @@ func schema_pkg_apis_application_v1alpha1_PullRequestGeneratorGitLab(ref common. Format: "", }, }, + "caRef": { + SchemaProps: spec.SchemaProps{ + Description: "ConfigMap key holding the trusted certificates", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef"), + }, + }, }, Required: []string{"project"}, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"}, } } @@ -5568,6 +5717,13 @@ func schema_pkg_apis_application_v1alpha1_RepoCreds(ref common.ReferenceCallback Format: "", }, }, + "noProxy": { + SchemaProps: spec.SchemaProps{ + Description: "NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied", + Type: []string{"string"}, + Format: "", + }, + }, }, Required: []string{"url"}, }, @@ -5772,6 +5928,13 @@ func schema_pkg_apis_application_v1alpha1_Repository(ref common.ReferenceCallbac Format: "", }, }, + "noProxy": { + SchemaProps: spec.SchemaProps{ + Description: "NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied", + Type: []string{"string"}, + Format: "", + }, + }, }, Required: []string{"repo"}, }, @@ -6413,38 +6576,6 @@ func schema_pkg_apis_application_v1alpha1_ResourceNode(ref common.ReferenceCallb Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, - "labels": { - SchemaProps: spec.SchemaProps{ - Description: "available for managed resource", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "annotations": { - SchemaProps: spec.SchemaProps{ - Description: "available for managed resource without k8s-last-applied-configuration", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, }, }, }, @@ -7182,12 +7313,31 @@ func schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorBitbucketServer(re Format: "", }, }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "Credentials for AccessToken (Bearer auth)", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucket"), + }, + }, + "insecure": { + SchemaProps: spec.SchemaProps{ + Description: "Allow self-signed TLS / Certificates; default: false", + Type: []string{"boolean"}, + Format: "", + }, + }, + "caRef": { + SchemaProps: spec.SchemaProps{ + Description: "ConfigMap key holding the trusted certificates", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef"), + }, + }, }, Required: []string{"project", "api"}, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BasicAuthBitbucketServer", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.BearerTokenBitbucket", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef"}, } } @@ -7421,12 +7571,18 @@ func schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorGitlab(ref common. Format: "", }, }, + "caRef": { + SchemaProps: spec.SchemaProps{ + Description: "ConfigMap key holding the trusted certificates", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef"), + }, + }, }, Required: []string{"group"}, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef"}, } } @@ -7593,26 +7749,6 @@ func schema_pkg_apis_application_v1alpha1_SyncOperation(ref common.ReferenceCall }, }, }, - "changeRevisions": { - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "changeRevision": { - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", - }, - }, }, }, }, @@ -7838,11 +7974,6 @@ func schema_pkg_apis_application_v1alpha1_SyncStatus(ref common.ReferenceCallbac }, }, "comparedTo": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-strategy": "replace", - }, - }, SchemaProps: spec.SchemaProps{ Description: "ComparedTo contains information about what has been compared", Default: map[string]interface{}{}, diff --git a/pkg/apis/application/v1alpha1/repository_types.go b/pkg/apis/application/v1alpha1/repository_types.go index 4cdfe3f9f83a0..5a30d24fbcfdb 100644 --- a/pkg/apis/application/v1alpha1/repository_types.go +++ b/pkg/apis/application/v1alpha1/repository_types.go @@ -45,6 +45,8 @@ type RepoCreds struct { Proxy string `json:"proxy,omitempty" protobuf:"bytes,19,opt,name=proxy"` // ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,20,opt,name=forceHttpBasicAuth"` + // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied + NoProxy string `json:"noProxy,omitempty" protobuf:"bytes,23,opt,name=noProxy"` } // Repository is a repository holding application configurations @@ -94,6 +96,8 @@ type Repository struct { GCPServiceAccountKey string `json:"gcpServiceAccountKey,omitempty" protobuf:"bytes,21,opt,name=gcpServiceAccountKey"` // ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,22,opt,name=forceHttpBasicAuth"` + // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied + NoProxy string `json:"noProxy,omitempty" protobuf:"bytes,23,opt,name=noProxy"` } // IsInsecure returns true if the repository has been configured to skip server verification @@ -184,6 +188,9 @@ func (repo *Repository) CopyCredentialsFrom(source *RepoCreds) { if repo.Proxy == "" { repo.Proxy = source.Proxy } + if repo.NoProxy == "" { + repo.NoProxy = source.NoProxy + } repo.ForceHttpBasicAuth = source.ForceHttpBasicAuth } } @@ -194,13 +201,13 @@ func (repo *Repository) GetGitCreds(store git.CredsStore) git.Creds { return git.NopCreds{} } if repo.Password != "" { - return git.NewHTTPSCreds(repo.Username, repo.Password, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, store, repo.ForceHttpBasicAuth) + return git.NewHTTPSCreds(repo.Username, repo.Password, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, repo.NoProxy, store, repo.ForceHttpBasicAuth) } if repo.SSHPrivateKey != "" { - return git.NewSSHCreds(repo.SSHPrivateKey, getCAPath(repo.Repo), repo.IsInsecure(), store, repo.Proxy) + return git.NewSSHCreds(repo.SSHPrivateKey, getCAPath(repo.Repo), repo.IsInsecure(), store, repo.Proxy, repo.NoProxy) } if repo.GithubAppPrivateKey != "" && repo.GithubAppId != 0 && repo.GithubAppInstallationId != 0 { - return git.NewGitHubAppCreds(repo.GithubAppId, repo.GithubAppInstallationId, repo.GithubAppPrivateKey, repo.GitHubAppEnterpriseBaseURL, repo.Repo, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, store) + return git.NewGitHubAppCreds(repo.GithubAppId, repo.GithubAppInstallationId, repo.GithubAppPrivateKey, repo.GitHubAppEnterpriseBaseURL, repo.Repo, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, repo.NoProxy, store) } if repo.GCPServiceAccountKey != "" { return git.NewGoogleCloudCreds(repo.GCPServiceAccountKey, store) diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 468c9f74e30c0..11f77bf7e92c9 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -234,7 +234,7 @@ func (a *ApplicationSpec) GetSources() ApplicationSources { } func (a *ApplicationSpec) HasMultipleSources() bool { - return a.Sources != nil && len(a.Sources) > 0 + return len(a.Sources) > 0 } func (a *ApplicationSpec) GetSourcePtrByPosition(sourcePosition int) *ApplicationSource { @@ -293,6 +293,51 @@ func (a *ApplicationSource) IsZero() bool { a.Plugin.IsZero() } +// GetNamespaceOrDefault gets the static namespace configured in the source. If none is configured, returns the given +// default. +func (a *ApplicationSource) GetNamespaceOrDefault(defaultNamespace string) string { + if a == nil { + return defaultNamespace + } + if a.Helm != nil && a.Helm.Namespace != "" { + return a.Helm.Namespace + } + if a.Kustomize != nil && a.Kustomize.Namespace != "" { + return a.Kustomize.Namespace + } + return defaultNamespace +} + +// GetKubeVersionOrDefault gets the static Kubernetes API version configured in the source. If none is configured, +// returns the given default. +func (a *ApplicationSource) GetKubeVersionOrDefault(defaultKubeVersion string) string { + if a == nil { + return defaultKubeVersion + } + if a.Helm != nil && a.Helm.KubeVersion != "" { + return a.Helm.KubeVersion + } + if a.Kustomize != nil && a.Kustomize.KubeVersion != "" { + return a.Kustomize.KubeVersion + } + return defaultKubeVersion +} + +// GetAPIVersionsOrDefault gets the static API versions list configured in the source. If none is configured, returns +// the given default. +func (a *ApplicationSource) GetAPIVersionsOrDefault(defaultAPIVersions []string) []string { + if a == nil { + return defaultAPIVersions + } + if a.Helm != nil && len(a.Helm.APIVersions) > 0 { + return a.Helm.APIVersions + } + if a.Kustomize != nil && len(a.Kustomize.APIVersions) > 0 { + return a.Kustomize.APIVersions + } + return defaultAPIVersions +} + // ApplicationSourceType specifies the type of the application's source type ApplicationSourceType string @@ -343,6 +388,14 @@ type ApplicationSourceHelm struct { // ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values. // +kubebuilder:pruning:PreserveUnknownFields ValuesObject *runtime.RawExtension `json:"valuesObject,omitempty" protobuf:"bytes,10,opt,name=valuesObject"` + // Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + Namespace string `json:"namespace,omitempty" protobuf:"bytes,11,opt,name=namespace"` + // KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + // uses the Kubernetes version of the target cluster. + KubeVersion string `json:"kubeVersion,omitempty" protobuf:"bytes,12,opt,name=kubeVersion"` + // APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + // Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + APIVersions []string `json:"apiVersions,omitempty" protobuf:"bytes,13,opt,name=apiVersions"` } // HelmParameter is a parameter that's passed to helm template during manifest generation @@ -424,7 +477,7 @@ func (in *ApplicationSourceHelm) AddFileParameter(p HelmFileParameter) { // IsZero Returns true if the Helm options in an application source are considered zero func (h *ApplicationSourceHelm) IsZero() bool { - return h == nil || (h.Version == "") && (h.ReleaseName == "") && len(h.ValueFiles) == 0 && len(h.Parameters) == 0 && len(h.FileParameters) == 0 && h.ValuesIsEmpty() && !h.PassCredentials && !h.IgnoreMissingValueFiles && !h.SkipCrds + return h == nil || (h.Version == "") && (h.ReleaseName == "") && len(h.ValueFiles) == 0 && len(h.Parameters) == 0 && len(h.FileParameters) == 0 && h.ValuesIsEmpty() && !h.PassCredentials && !h.IgnoreMissingValueFiles && !h.SkipCrds && h.KubeVersion == "" && len(h.APIVersions) == 0 && h.Namespace == "" } // KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: @@ -493,6 +546,12 @@ type ApplicationSourceKustomize struct { Components []string `json:"components,omitempty" protobuf:"bytes,14,rep,name=components"` // LabelWithoutSelector specifies whether to apply common labels to resource selectors or not LabelWithoutSelector bool `json:"labelWithoutSelector,omitempty" protobuf:"bytes,15,opt,name=labelWithoutSelector"` + // KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + // uses the Kubernetes version of the target cluster. + KubeVersion string `json:"kubeVersion,omitempty" protobuf:"bytes,16,opt,name=kubeVersion"` + // APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + // Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + APIVersions []string `json:"apiVersions,omitempty" protobuf:"bytes,17,opt,name=apiVersions"` } type KustomizeReplica struct { @@ -599,6 +658,8 @@ func (k *ApplicationSourceKustomize) IsZero() bool { len(k.CommonAnnotations) == 0 && len(k.Patches) == 0 && len(k.Components) == 0 && + k.KubeVersion == "" && + len(k.APIVersions) == 0 && !k.ForceNamespace } @@ -612,7 +673,7 @@ func (k *ApplicationSourceKustomize) MergeImage(image KustomizeImage) { } } -// MergeReplicas merges a new Kustomize replica identifier in to a list of replicas +// MergeReplica merges a new Kustomize replica identifier in to a list of replicas func (k *ApplicationSourceKustomize) MergeReplica(replica KustomizeReplica) { i := k.Replicas.FindByName(replica.Name) if i >= 0 { @@ -940,6 +1001,14 @@ type ApplicationDestination struct { // nolint:govet isServerInferred bool `json:"-"` + // nolint:govet + isNameInferred bool `json:"-"` +} + +// SetIsServerInferred sets the isServerInferred flag. This is used to allow comparison between two destinations where +// one server is inferred and the other is not. +func (d *ApplicationDestination) SetIsServerInferred(inferred bool) { + d.isServerInferred = inferred } type ResourceHealthLocation string @@ -996,15 +1065,15 @@ func (a *ApplicationStatus) GetRevisions() []string { // BuildComparedToStatus will build a ComparedTo object based on the current // Application state. -func (app *Application) BuildComparedToStatus() ComparedTo { +func (spec *ApplicationSpec) BuildComparedToStatus() ComparedTo { ct := ComparedTo{ - Destination: app.Spec.Destination, - IgnoreDifferences: app.Spec.IgnoreDifferences, + Destination: spec.Destination, + IgnoreDifferences: spec.IgnoreDifferences, } - if app.Spec.HasMultipleSources() { - ct.Sources = app.Spec.Sources + if spec.HasMultipleSources() { + ct.Sources = spec.Sources } else { - ct.Source = app.Spec.GetSource() + ct.Source = spec.GetSource() } return ct } @@ -1113,9 +1182,11 @@ type SyncOperation struct { Sources ApplicationSources `json:"sources,omitempty" protobuf:"bytes,10,opt,name=sources"` // Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to // If omitted, will use the revision specified in app spec. - Revisions []string `json:"revisions,omitempty" protobuf:"bytes,11,opt,name=revisions"` - ChangeRevisions []string `json:"changeRevisions,omitempty" protobuf:"-"` - ChangeRevision string `json:"changeRevision,omitempty" protobuf:"-"` + Revisions []string `json:"revisions,omitempty" protobuf:"bytes,11,opt,name=revisions"` + // SelfHealAttemptsCount contains the number of auto-heal attempts + SelfHealAttemptsCount int64 `json:"autoHealAttemptsCount,omitempty" protobuf:"bytes,12,opt,name=autoHealAttemptsCount"` + ChangeRevisions []string `json:"changeRevisions,omitempty" protobuf:"-"` + ChangeRevision string `json:"changeRevision,omitempty" protobuf:"-"` } // IsApplyStrategy returns true if the sync strategy is "apply" @@ -1465,7 +1536,7 @@ type SyncStatusCode string const ( // SyncStatusCodeUnknown indicates that the status of a sync could not be reliably determined SyncStatusCodeUnknown SyncStatusCode = "Unknown" - // SyncStatusCodeOutOfSync indicates that desired and live states match + // SyncStatusCodeSynced indicates that desired and live states match SyncStatusCodeSynced SyncStatusCode = "Synced" // SyncStatusCodeOutOfSync indicates that there is a drift between desired and live states SyncStatusCodeOutOfSync SyncStatusCode = "OutOfSync" @@ -1525,8 +1596,7 @@ type SyncStatus struct { // Status is the sync state of the comparison Status SyncStatusCode `json:"status" protobuf:"bytes,1,opt,name=status,casttype=SyncStatusCode"` // ComparedTo contains information about what has been compared - // +patchStrategy=replace - ComparedTo ComparedTo `json:"comparedTo,omitempty" protobuf:"bytes,2,opt,name=comparedTo" patchStrategy:"replace"` + ComparedTo ComparedTo `json:"comparedTo,omitempty" protobuf:"bytes,2,opt,name=comparedTo"` // Revision contains information about the revision the comparison has been performed to Revision string `json:"revision,omitempty" protobuf:"bytes,3,opt,name=revision"` // Revisions contains information about the revisions of multiple sources the comparison has been performed to @@ -1586,6 +1656,60 @@ type ApplicationTree struct { OrphanedNodes []ResourceNode `json:"orphanedNodes,omitempty" protobuf:"bytes,2,rep,name=orphanedNodes"` // Hosts holds list of Kubernetes nodes that run application related pods Hosts []HostInfo `json:"hosts,omitempty" protobuf:"bytes,3,rep,name=hosts"` + // ShardsCount contains total number of shards the application tree is split into + ShardsCount int64 `json:"shardsCount,omitempty" protobuf:"bytes,4,opt,name=shardsCount"` +} + +func (t *ApplicationTree) Merge(other *ApplicationTree) { + t.Nodes = append(t.Nodes, other.Nodes...) + t.OrphanedNodes = append(t.OrphanedNodes, other.OrphanedNodes...) + t.Hosts = append(t.Hosts, other.Hosts...) + t.Normalize() +} + +// GetShards split application tree into shards with populated metadata +func (t *ApplicationTree) GetShards(size int64) []*ApplicationTree { + t.Normalize() + if size == 0 { + return []*ApplicationTree{t} + } + + var items []func(*ApplicationTree) + for i := range t.Nodes { + item := t.Nodes[i] + items = append(items, func(shard *ApplicationTree) { + shard.Nodes = append(shard.Nodes, item) + }) + } + for i := range t.OrphanedNodes { + item := t.OrphanedNodes[i] + items = append(items, func(shard *ApplicationTree) { + shard.OrphanedNodes = append(shard.OrphanedNodes, item) + }) + } + for i := range t.Hosts { + item := t.Hosts[i] + items = append(items, func(shard *ApplicationTree) { + shard.Hosts = append(shard.Hosts, item) + }) + } + var shards []*ApplicationTree + for len(items) > 0 { + shard := &ApplicationTree{} + shards = append(shards, shard) + cnt := 0 + for i := int64(0); i < size && i < int64(len(items)); i++ { + items[i](shard) + cnt++ + } + items = items[cnt:] + } + if len(shards) > 0 { + shards[0].ShardsCount = int64(len(shards)) + } else { + shards = []*ApplicationTree{{ShardsCount: 0}} + } + return shards } // Normalize sorts application tree nodes and hosts. The persistent order allows to @@ -2091,8 +2215,9 @@ func (o *ResourceOverride) GetActions() (ResourceActions, error) { // TODO: describe this type // TODO: describe members of this type type ResourceActions struct { - ActionDiscoveryLua string `json:"discovery.lua,omitempty" yaml:"discovery.lua,omitempty" protobuf:"bytes,1,opt,name=actionDiscoveryLua"` - Definitions []ResourceActionDefinition `json:"definitions,omitempty" protobuf:"bytes,2,rep,name=definitions"` + ActionDiscoveryLua string `json:"discovery.lua,omitempty" yaml:"discovery.lua,omitempty" protobuf:"bytes,1,opt,name=actionDiscoveryLua"` + Definitions []ResourceActionDefinition `json:"definitions,omitempty" protobuf:"bytes,2,rep,name=definitions"` + MergeBuiltinActions bool `json:"mergeBuiltinActions,omitempty" yaml:"mergeBuiltinActions,omitempty" protobuf:"bytes,3,opt,name=mergeBuiltinActions"` } // TODO: describe this type @@ -2292,6 +2417,8 @@ type AppProjectSpec struct { SourceNamespaces []string `json:"sourceNamespaces,omitempty" protobuf:"bytes,12,opt,name=sourceNamespaces"` // PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped PermitOnlyProjectScopedClusters bool `json:"permitOnlyProjectScopedClusters,omitempty" protobuf:"bytes,13,opt,name=permitOnlyProjectScopedClusters"` + // DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination. + DestinationServiceAccounts []ApplicationDestinationServiceAccount `json:"destinationServiceAccounts,omitempty" protobuf:"bytes,14,name=destinationServiceAccounts"` } // SyncWindows is a collection of sync windows in this project @@ -2323,11 +2450,11 @@ func (s *SyncWindows) HasWindows() bool { } // Active returns a list of sync windows that are currently active -func (s *SyncWindows) Active() *SyncWindows { +func (s *SyncWindows) Active() (*SyncWindows, error) { return s.active(time.Now()) } -func (s *SyncWindows) active(currentTime time.Time) *SyncWindows { +func (s *SyncWindows) active(currentTime time.Time) (*SyncWindows, error) { // If SyncWindows.Active() is called outside of a UTC locale, it should be // first converted to UTC before we scan through the SyncWindows. currentTime = currentTime.In(time.UTC) @@ -2336,8 +2463,14 @@ func (s *SyncWindows) active(currentTime time.Time) *SyncWindows { var active SyncWindows specParser := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow) for _, w := range *s { - schedule, _ := specParser.Parse(w.Schedule) - duration, _ := time.ParseDuration(w.Duration) + schedule, sErr := specParser.Parse(w.Schedule) + if sErr != nil { + return nil, fmt.Errorf("cannot parse schedule '%s': %w", w.Schedule, sErr) + } + duration, dErr := time.ParseDuration(w.Duration) + if dErr != nil { + return nil, fmt.Errorf("cannot parse duration '%s': %w", w.Duration, dErr) + } // Offset the nextWindow time to consider the timeZone of the sync window timeZoneOffsetDuration := w.scheduleOffsetByTimeZone() @@ -2347,20 +2480,20 @@ func (s *SyncWindows) active(currentTime time.Time) *SyncWindows { } } if len(active) > 0 { - return &active + return &active, nil } } - return nil + return nil, nil } // InactiveAllows will iterate over the SyncWindows and return all inactive allow windows // for the current time. If the current time is in an inactive allow window, syncs will // be denied. -func (s *SyncWindows) InactiveAllows() *SyncWindows { +func (s *SyncWindows) InactiveAllows() (*SyncWindows, error) { return s.inactiveAllows(time.Now()) } -func (s *SyncWindows) inactiveAllows(currentTime time.Time) *SyncWindows { +func (s *SyncWindows) inactiveAllows(currentTime time.Time) (*SyncWindows, error) { // If SyncWindows.InactiveAllows() is called outside of a UTC locale, it should be // first converted to UTC before we scan through the SyncWindows. currentTime = currentTime.In(time.UTC) @@ -2371,21 +2504,27 @@ func (s *SyncWindows) inactiveAllows(currentTime time.Time) *SyncWindows { for _, w := range *s { if w.Kind == "allow" { schedule, sErr := specParser.Parse(w.Schedule) + if sErr != nil { + return nil, fmt.Errorf("cannot parse schedule '%s': %w", w.Schedule, sErr) + } duration, dErr := time.ParseDuration(w.Duration) + if dErr != nil { + return nil, fmt.Errorf("cannot parse duration '%s': %w", w.Duration, dErr) + } // Offset the nextWindow time to consider the timeZone of the sync window timeZoneOffsetDuration := w.scheduleOffsetByTimeZone() nextWindow := schedule.Next(currentTime.Add(timeZoneOffsetDuration - duration)) - if !nextWindow.Before(currentTime.Add(timeZoneOffsetDuration)) && sErr == nil && dErr == nil { + if !nextWindow.Before(currentTime.Add(timeZoneOffsetDuration)) { inactive = append(inactive, w) } } } if len(inactive) > 0 { - return &inactive + return &inactive, nil } } - return nil + return nil, nil } func (w *SyncWindow) scheduleOffsetByTimeZone() time.Duration { @@ -2489,36 +2628,42 @@ func (w *SyncWindows) Matches(app *Application) *SyncWindows { } // CanSync returns true if a sync window currently allows a sync. isManual indicates whether the sync has been triggered manually. -func (w *SyncWindows) CanSync(isManual bool) bool { +func (w *SyncWindows) CanSync(isManual bool) (bool, error) { if !w.HasWindows() { - return true + return true, nil } - active := w.Active() + active, err := w.Active() + if err != nil { + return false, fmt.Errorf("invalid sync windows: %w", err) + } hasActiveDeny, manualEnabled := active.hasDeny() if hasActiveDeny { if isManual && manualEnabled { - return true + return true, nil } else { - return false + return false, nil } } if active.hasAllow() { - return true + return true, nil } - inactiveAllows := w.InactiveAllows() + inactiveAllows, err := w.InactiveAllows() + if err != nil { + return false, fmt.Errorf("invalid sync windows: %w", err) + } if inactiveAllows.HasWindows() { if isManual && inactiveAllows.manualEnabled() { - return true + return true, nil } else { - return false + return false, nil } } - return true + return true, nil } // hasDeny will iterate over the SyncWindows and return if a deny window is found and if @@ -2573,24 +2718,30 @@ func (w *SyncWindows) manualEnabled() bool { } // Active returns true if the sync window is currently active -func (w SyncWindow) Active() bool { +func (w SyncWindow) Active() (bool, error) { return w.active(time.Now()) } -func (w SyncWindow) active(currentTime time.Time) bool { +func (w SyncWindow) active(currentTime time.Time) (bool, error) { // If SyncWindow.Active() is called outside of a UTC locale, it should be // first converted to UTC before search currentTime = currentTime.UTC() specParser := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow) - schedule, _ := specParser.Parse(w.Schedule) - duration, _ := time.ParseDuration(w.Duration) + schedule, sErr := specParser.Parse(w.Schedule) + if sErr != nil { + return false, fmt.Errorf("cannot parse schedule '%s': %w", w.Schedule, sErr) + } + duration, dErr := time.ParseDuration(w.Duration) + if dErr != nil { + return false, fmt.Errorf("cannot parse duration '%s': %w", w.Duration, dErr) + } // Offset the nextWindow time to consider the timeZone of the sync window timeZoneOffsetDuration := w.scheduleOffsetByTimeZone() nextWindow := schedule.Next(currentTime.Add(timeZoneOffsetDuration - duration)) - return nextWindow.Before(currentTime.Add(timeZoneOffsetDuration)) + return nextWindow.Before(currentTime.Add(timeZoneOffsetDuration)), nil } // Update updates a sync window's settings with the given parameter @@ -2710,6 +2861,16 @@ type KustomizeOptions struct { SetNamespace bool `protobuf:"varint,3,opt,name=setNamespace"` } +// ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation. +type ApplicationDestinationServiceAccount struct { + // Server specifies the URL of the target cluster's Kubernetes control plane API. + Server string `json:"server" protobuf:"bytes,1,opt,name=server"` + // Namespace specifies the target namespace for the application's resources. + Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"` + // DefaultServiceAccount to be used for impersonation during the sync operation + DefaultServiceAccount string `json:"defaultServiceAccount" protobuf:"bytes,3,opt,name=defaultServiceAccount"` +} + // CascadedDeletion indicates if the deletion finalizer is set and controller should delete the application and it's cascaded resources func (app *Application) CascadedDeletion() bool { for _, finalizer := range app.ObjectMeta.Finalizers { @@ -2936,6 +3097,17 @@ func (dest ApplicationDestination) Equals(other ApplicationDestination) bool { other.Server = "" other.isServerInferred = false } + + if dest.isNameInferred { + dest.Name = "" + dest.isNameInferred = false + } + + if other.isNameInferred { + other.Name = "" + other.isNameInferred = false + } + return reflect.DeepEqual(dest, other) } @@ -3015,9 +3187,6 @@ func SetK8SConfigDefaults(config *rest.Config) error { DisableCompression: config.DisableCompression, IdleConnTimeout: K8sTCPIdleConnTimeout, }) - if config.Proxy != nil { - transport.Proxy = config.Proxy - } tr, err := rest.HTTPWrappersForConfig(config, transport) if err != nil { return err @@ -3142,14 +3311,6 @@ func (c *Cluster) RawRestConfig() *rest.Config { if err != nil { panic(fmt.Sprintf("Unable to create K8s REST config: %v", err)) } - if c.Config.ProxyUrl != "" { - u, err := ParseProxyUrl(c.Config.ProxyUrl) - if err != nil { - panic(fmt.Sprintf("Unable to create K8s REST config, can`t parse proxy url: %v", err)) - } - config.Proxy = http.ProxyURL(u) - } - config.DisableCompression = c.Config.DisableCompression config.Timeout = K8sServerSideTimeout config.QPS = K8sClientConfigQPS config.Burst = K8sClientConfigBurst @@ -3195,6 +3356,12 @@ func (d *ApplicationDestination) SetInferredServer(server string) { d.Server = server } +// SetInferredName sets the Name field of the destination. See IsNameInferred() for details. +func (d *ApplicationDestination) SetInferredName(name string) { + d.isNameInferred = true + d.Name = name +} + // An ApplicationDestination has an 'inferred server' if the ApplicationDestination // contains a Name, but not a Server URL. In this case it is necessary to retrieve // the Server URL by looking up the cluster name. @@ -3205,6 +3372,10 @@ func (d *ApplicationDestination) IsServerInferred() bool { return d.isServerInferred } +func (d *ApplicationDestination) IsNameInferred() bool { + return d.isNameInferred +} + // MarshalJSON marshals an application destination to JSON format func (d *ApplicationDestination) MarshalJSON() ([]byte, error) { type Alias ApplicationDestination @@ -3213,6 +3384,11 @@ func (d *ApplicationDestination) MarshalJSON() ([]byte, error) { dest = dest.DeepCopy() dest.Server = "" } + if d.isNameInferred { + dest = dest.DeepCopy() + dest.Name = "" + } + return json.Marshal(&struct{ *Alias }{Alias: (*Alias)(dest)}) } diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index fcfd682536a46..056760fb0d1e7 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -7,7 +7,6 @@ import ( "os" "path" "reflect" - "strings" "testing" "time" @@ -440,7 +439,7 @@ func TestAppProject_IsDestinationPermitted_PermitOnlyProjectScopedClusters(t *te return nil, errors.New("some error") }) require.Error(t, err) - assert.True(t, strings.Contains(err.Error(), "could not retrieve project clusters")) + assert.Contains(t, err.Error(), "could not retrieve project clusters") } func TestAppProject_IsGroupKindPermitted(t *testing.T) { @@ -884,6 +883,153 @@ func TestAppSourceEquality(t *testing.T) { assert.False(t, left.Equals(right)) } +func TestAppSource_GetKubeVersionOrDefault(t *testing.T) { + defaultKV := "999.999.999" + cases := []struct { + name string + source *ApplicationSource + expect string + }{ + { + "nil source returns default", + nil, + defaultKV, + }, + { + "source without Helm or Kustomize returns default", + &ApplicationSource{}, + defaultKV, + }, + { + "source with empty Helm returns default", + &ApplicationSource{Helm: &ApplicationSourceHelm{}}, + defaultKV, + }, + { + "source with empty Kustomize returns default", + &ApplicationSource{Kustomize: &ApplicationSourceKustomize{}}, + defaultKV, + }, + { + "source with Helm override returns override", + &ApplicationSource{Helm: &ApplicationSourceHelm{KubeVersion: "1.2.3"}}, + "1.2.3", + }, + { + "source with Kustomize override returns override", + &ApplicationSource{Kustomize: &ApplicationSourceKustomize{KubeVersion: "1.2.3"}}, + "1.2.3", + }, + } + + for _, tc := range cases { + tcc := tc + t.Run(tcc.name, func(t *testing.T) { + t.Parallel() + kv := tcc.source.GetKubeVersionOrDefault(defaultKV) + assert.Equal(t, tcc.expect, kv) + }) + } +} + +func TestAppSource_GetAPIVersionsOrDefault(t *testing.T) { + defaultAPIVersions := []string{"v1", "v2"} + cases := []struct { + name string + source *ApplicationSource + expect []string + }{ + { + "nil source returns default", + nil, + defaultAPIVersions, + }, + { + "source without Helm or Kustomize returns default", + &ApplicationSource{}, + defaultAPIVersions, + }, + { + "source with empty Helm returns default", + &ApplicationSource{Helm: &ApplicationSourceHelm{}}, + defaultAPIVersions, + }, + { + "source with empty Kustomize returns default", + &ApplicationSource{Kustomize: &ApplicationSourceKustomize{}}, + defaultAPIVersions, + }, + { + "source with Helm override returns override", + &ApplicationSource{Helm: &ApplicationSourceHelm{APIVersions: []string{"v3", "v4"}}}, + []string{"v3", "v4"}, + }, + { + "source with Kustomize override returns override", + &ApplicationSource{Kustomize: &ApplicationSourceKustomize{APIVersions: []string{"v3", "v4"}}}, + []string{"v3", "v4"}, + }, + } + + for _, tc := range cases { + tcc := tc + t.Run(tcc.name, func(t *testing.T) { + t.Parallel() + kv := tcc.source.GetAPIVersionsOrDefault(defaultAPIVersions) + assert.Equal(t, tcc.expect, kv) + }) + } +} + +func TestAppSource_GetNamespaceOrDefault(t *testing.T) { + defaultNS := "default" + cases := []struct { + name string + source *ApplicationSource + expect string + }{ + { + "nil source returns default", + nil, + defaultNS, + }, + { + "source without Helm or Kustomize returns default", + &ApplicationSource{}, + defaultNS, + }, + { + "source with empty Helm returns default", + &ApplicationSource{Helm: &ApplicationSourceHelm{}}, + defaultNS, + }, + { + "source with empty Kustomize returns default", + &ApplicationSource{Kustomize: &ApplicationSourceKustomize{}}, + defaultNS, + }, + { + "source with Helm override returns override", + &ApplicationSource{Helm: &ApplicationSourceHelm{Namespace: "not-default"}}, + "not-default", + }, + { + "source with Kustomize override returns override", + &ApplicationSource{Kustomize: &ApplicationSourceKustomize{Namespace: "not-default"}}, + "not-default", + }, + } + + for _, tc := range cases { + tcc := tc + t.Run(tcc.name, func(t *testing.T) { + t.Parallel() + kv := tcc.source.GetNamespaceOrDefault(defaultNS) + assert.Equal(t, tcc.expect, kv) + }) + } +} + func TestAppDestinationEquality(t *testing.T) { left := &ApplicationDestination{ Server: "https://kubernetes.default.svc", @@ -1122,6 +1268,7 @@ func TestRepository_CopyCredentialsFrom(t *testing.T) { {"SourceSSHPrivateKey", &Repository{}, &RepoCreds{SSHPrivateKey: "foo"}, Repository{SSHPrivateKey: "foo"}}, {"SourceTLSClientCertData", &Repository{}, &RepoCreds{TLSClientCertData: "foo"}, Repository{TLSClientCertData: "foo"}}, {"SourceTLSClientCertKey", &Repository{}, &RepoCreds{TLSClientCertKey: "foo"}, Repository{TLSClientCertKey: "foo"}}, + {"SourceContainsProxy", &Repository{}, &RepoCreds{Proxy: "http://proxy.argoproj.io:3128", NoProxy: ".example.com"}, Repository{Proxy: "http://proxy.argoproj.io:3128", NoProxy: ".example.com"}}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -1631,7 +1778,9 @@ func TestSyncWindows_HasWindows(t *testing.T) { func TestSyncWindows_Active(t *testing.T) { t.Run("WithTestProject", func(t *testing.T) { proj := newTestProjectWithSyncWindows() - assert.Len(t, *proj.Spec.SyncWindows.Active(), 1) + activeWindows, err := proj.Spec.SyncWindows.Active() + require.NoError(t, err) + assert.Len(t, *activeWindows, 1) }) syncWindow := func(kind string, schedule string, duration string, timeZone string) *SyncWindow { @@ -1658,6 +1807,7 @@ func TestSyncWindows_Active(t *testing.T) { currentTime time.Time matchingIndex int expectedLength int + isErr bool }{ { name: "MatchFirst", @@ -1765,11 +1915,36 @@ func TestSyncWindows_Active(t *testing.T) { matchingIndex: 0, expectedLength: 1, }, + { + name: "MatchNone-InvalidSchedule", + syncWindow: SyncWindows{ + syncWindow("allow", "* 10 * * 7", "3h", ""), + syncWindow("allow", "* 11 * * 7", "3h", ""), + }, + currentTime: timeWithHour(12, time.UTC), + expectedLength: 0, + isErr: true, + }, + { + name: "MatchNone-InvalidDuration", + syncWindow: SyncWindows{ + syncWindow("allow", "* 10 * * *", "3a", ""), + syncWindow("allow", "* 11 * * *", "3a", ""), + }, + currentTime: timeWithHour(12, time.UTC), + expectedLength: 0, + isErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - result := tt.syncWindow.active(tt.currentTime) + result, err := tt.syncWindow.active(tt.currentTime) + if tt.isErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } if result == nil { result = &SyncWindows{} } @@ -1786,7 +1961,9 @@ func TestSyncWindows_InactiveAllows(t *testing.T) { t.Run("WithTestProject", func(t *testing.T) { proj := newTestProjectWithSyncWindows() proj.Spec.SyncWindows[0].Schedule = "0 0 1 1 1" - assert.Len(t, *proj.Spec.SyncWindows.InactiveAllows(), 1) + inactiveAllowWindows, err := proj.Spec.SyncWindows.InactiveAllows() + require.NoError(t, err) + assert.Len(t, *inactiveAllowWindows, 1) }) syncWindow := func(kind string, schedule string, duration string, timeZone string) *SyncWindow { @@ -1813,6 +1990,7 @@ func TestSyncWindows_InactiveAllows(t *testing.T) { currentTime time.Time matchingIndex int expectedLength int + isErr bool }{ { name: "MatchFirst", @@ -1938,11 +2116,34 @@ func TestSyncWindows_InactiveAllows(t *testing.T) { matchingIndex: 0, expectedLength: 1, }, + { + name: "MatchNone-InvalidSchedule", + syncWindow: SyncWindows{ + syncWindow("allow", "* 10 * * 7", "2h", ""), + }, + currentTime: timeWithHour(17, time.UTC), + expectedLength: 0, + isErr: true, + }, + { + name: "MatchNone-InvalidDuration", + syncWindow: SyncWindows{ + syncWindow("allow", "* 10 * * *", "2a", ""), + }, + currentTime: timeWithHour(17, time.UTC), + expectedLength: 0, + isErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - result := tt.syncWindow.inactiveAllows(tt.currentTime) + result, err := tt.syncWindow.inactiveAllows(tt.currentTime) + if tt.isErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } if result == nil { result = &SyncWindows{} } @@ -2053,9 +2254,10 @@ func TestSyncWindows_CanSync(t *testing.T) { proj := newProjectBuilder().withInactiveDenyWindow(true).build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will allow manual sync if inactive-deny-window set with manual false", func(t *testing.T) { @@ -2064,9 +2266,10 @@ func TestSyncWindows_CanSync(t *testing.T) { proj := newProjectBuilder().withInactiveDenyWindow(false).build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will deny manual sync if one inactive-allow-windows set with manual false", func(t *testing.T) { @@ -2078,9 +2281,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will allow manual sync if on active-allow-window set with manual true", func(t *testing.T) { @@ -2091,9 +2295,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will allow manual sync if on active-allow-window set with manual false", func(t *testing.T) { @@ -2104,9 +2309,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will allow auto sync if on active-allow-window", func(t *testing.T) { @@ -2117,9 +2323,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will allow manual sync active-allow and inactive-deny", func(t *testing.T) { @@ -2131,9 +2338,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will allow auto sync active-allow and inactive-deny", func(t *testing.T) { @@ -2145,9 +2353,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will deny manual sync inactive-allow", func(t *testing.T) { @@ -2158,9 +2367,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will deny auto sync inactive-allow", func(t *testing.T) { @@ -2171,9 +2381,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will allow manual sync inactive-allow with ManualSync enabled", func(t *testing.T) { @@ -2184,9 +2395,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will deny auto sync inactive-allow with ManualSync enabled", func(t *testing.T) { @@ -2197,9 +2409,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will deny manual sync with inactive-allow and inactive-deny", func(t *testing.T) { @@ -2211,9 +2424,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will deny auto sync with inactive-allow and inactive-deny", func(t *testing.T) { @@ -2225,9 +2439,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will allow auto sync with active-allow and inactive-allow", func(t *testing.T) { @@ -2239,9 +2454,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will deny manual sync with active-deny", func(t *testing.T) { @@ -2252,9 +2468,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will deny auto sync with active-deny", func(t *testing.T) { @@ -2265,9 +2482,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will allow manual sync with active-deny with ManualSync enabled", func(t *testing.T) { @@ -2278,9 +2496,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will deny auto sync with active-deny with ManualSync enabled", func(t *testing.T) { @@ -2291,9 +2510,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will deny manual sync with many active-deny having one with ManualSync disabled", func(t *testing.T) { @@ -2307,9 +2527,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will deny auto sync with many active-deny having one with ManualSync disabled", func(t *testing.T) { @@ -2323,9 +2544,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will deny manual sync with active-deny and active-allow windows with ManualSync disabled", func(t *testing.T) { @@ -2337,9 +2559,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.False(t, canSync) }) t.Run("will allow manual sync with active-deny and active-allow windows with ManualSync enabled", func(t *testing.T) { @@ -2351,9 +2574,10 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(true) + canSync, err := proj.Spec.SyncWindows.CanSync(true) // then + require.NoError(t, err) assert.True(t, canSync) }) t.Run("will deny auto sync with active-deny and active-allow windows with ManualSync enabled", func(t *testing.T) { @@ -2365,9 +2589,24 @@ func TestSyncWindows_CanSync(t *testing.T) { build() // when - canSync := proj.Spec.SyncWindows.CanSync(false) + canSync, err := proj.Spec.SyncWindows.CanSync(false) + + // then + require.NoError(t, err) + assert.False(t, canSync) + }) + t.Run("will deny and return error with invalid windows", func(t *testing.T) { + // given + t.Parallel() + proj := newProjectBuilder(). + withInvalidWindows(). + build() + + // when + canSync, err := proj.Spec.SyncWindows.CanSync(false) // then + require.Error(t, err) assert.False(t, canSync) }) } @@ -2417,8 +2656,9 @@ func TestSyncWindows_hasAllow(t *testing.T) { func TestSyncWindow_Active(t *testing.T) { window := &SyncWindow{Schedule: "* * * * *", Duration: "1h"} t.Run("ActiveWindow", func(t *testing.T) { - window.Active() - assert.True(t, window.Active()) + isActive, err := window.Active() + require.NoError(t, err) + assert.True(t, isActive) }) syncWindow := func(kind string, schedule string, duration string) SyncWindow { @@ -2443,6 +2683,7 @@ func TestSyncWindow_Active(t *testing.T) { syncWindow SyncWindow currentTime time.Time expectedResult bool + isErr bool }{ { name: "Allow-active", @@ -2492,11 +2733,44 @@ func TestSyncWindow_Active(t *testing.T) { currentTime: timeWithHour(13-4, utcM4Zone), expectedResult: false, }, + { + name: "Allow-inactive-InvalidSchedule", + syncWindow: syncWindow("allow", "* 10 * * 7", "2h"), + currentTime: timeWithHour(11, time.UTC), + expectedResult: false, + isErr: true, + }, + { + name: "Deny-inactive-InvalidSchedule", + syncWindow: syncWindow("deny", "* 10 * * 7", "2h"), + currentTime: timeWithHour(11, time.UTC), + expectedResult: false, + isErr: true, + }, + { + name: "Allow-inactive-InvalidDuration", + syncWindow: syncWindow("allow", "* 10 * * *", "2a"), + currentTime: timeWithHour(11, time.UTC), + expectedResult: false, + isErr: true, + }, + { + name: "Deny-inactive-InvalidDuration", + syncWindow: syncWindow("deny", "* 10 * * *", "2a"), + currentTime: timeWithHour(11, time.UTC), + expectedResult: false, + isErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - result := tt.syncWindow.active(tt.currentTime) + result, err := tt.syncWindow.active(tt.currentTime) + if tt.isErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } assert.Equal(t, tt.expectedResult, result) }) } @@ -2608,6 +2882,16 @@ func (b *projectBuilder) withInactiveDenyWindow(allowManual bool) *projectBuilde return b } +func (b *projectBuilder) withInvalidWindows() *projectBuilder { + b.proj.Spec.SyncWindows = append(b.proj.Spec.SyncWindows, + newSyncWindow("allow", "* 10 * * 7", false), + newSyncWindow("deny", "* 10 * * 7", false), + newSyncWindow("allow", "* 10 * * 7", true), + newSyncWindow("deny", "* 10 * * 7", true), + ) + return b +} + func inactiveCronSchedule() string { hourPlus10, _, _ := time.Now().Add(10 * time.Hour).Clock() return fmt.Sprintf("0 %d * * *", hourPlus10) @@ -3742,3 +4026,228 @@ func TestApplicationSpec_GetSourcePtrByIndex(t *testing.T) { }) } } + +func TestApplicationTree_GetShards(t *testing.T) { + tree := &ApplicationTree{ + Nodes: []ResourceNode{ + {ResourceRef: ResourceRef{Name: "node 1"}}, {ResourceRef: ResourceRef{Name: "node 2"}}, {ResourceRef: ResourceRef{Name: "node 3"}}, + }, + OrphanedNodes: []ResourceNode{ + {ResourceRef: ResourceRef{Name: "orph-node 1"}}, {ResourceRef: ResourceRef{Name: "orph-node 2"}}, {ResourceRef: ResourceRef{Name: "orph-node 3"}}, + }, + Hosts: []HostInfo{ + {Name: "host 1"}, {Name: "host 2"}, {Name: "host 3"}, + }, + } + + shards := tree.GetShards(2) + require.Len(t, shards, 5) + require.Equal(t, &ApplicationTree{ + ShardsCount: 5, + Nodes: []ResourceNode{ + {ResourceRef: ResourceRef{Name: "node 1"}}, {ResourceRef: ResourceRef{Name: "node 2"}}, + }, + }, shards[0]) + require.Equal(t, &ApplicationTree{ + Nodes: []ResourceNode{{ResourceRef: ResourceRef{Name: "node 3"}}}, + OrphanedNodes: []ResourceNode{{ResourceRef: ResourceRef{Name: "orph-node 1"}}}, + }, shards[1]) + require.Equal(t, &ApplicationTree{ + OrphanedNodes: []ResourceNode{{ResourceRef: ResourceRef{Name: "orph-node 2"}}, {ResourceRef: ResourceRef{Name: "orph-node 3"}}}, + }, shards[2]) + require.Equal(t, &ApplicationTree{ + Hosts: []HostInfo{{Name: "host 1"}, {Name: "host 2"}}, + }, shards[3]) + require.Equal(t, &ApplicationTree{ + Hosts: []HostInfo{{Name: "host 3"}}, + }, shards[4]) +} + +func TestApplicationTree_Merge(t *testing.T) { + tree := &ApplicationTree{} + tree.Merge(&ApplicationTree{ + ShardsCount: 5, + Nodes: []ResourceNode{ + {ResourceRef: ResourceRef{Name: "node 1"}}, {ResourceRef: ResourceRef{Name: "node 2"}}, + }, + }) + tree.Merge(&ApplicationTree{ + Nodes: []ResourceNode{{ResourceRef: ResourceRef{Name: "node 3"}}}, + OrphanedNodes: []ResourceNode{{ResourceRef: ResourceRef{Name: "orph-node 1"}}}, + }) + tree.Merge(&ApplicationTree{ + OrphanedNodes: []ResourceNode{{ResourceRef: ResourceRef{Name: "orph-node 2"}}, {ResourceRef: ResourceRef{Name: "orph-node 3"}}}, + }) + tree.Merge(&ApplicationTree{ + Hosts: []HostInfo{{Name: "host 1"}, {Name: "host 2"}}, + }) + tree.Merge(&ApplicationTree{ + Hosts: []HostInfo{{Name: "host 3"}}, + }) + require.Equal(t, &ApplicationTree{ + Nodes: []ResourceNode{ + {ResourceRef: ResourceRef{Name: "node 1"}}, {ResourceRef: ResourceRef{Name: "node 2"}}, {ResourceRef: ResourceRef{Name: "node 3"}}, + }, + OrphanedNodes: []ResourceNode{ + {ResourceRef: ResourceRef{Name: "orph-node 1"}}, {ResourceRef: ResourceRef{Name: "orph-node 2"}}, {ResourceRef: ResourceRef{Name: "orph-node 3"}}, + }, + Hosts: []HostInfo{ + {Name: "host 1"}, {Name: "host 2"}, {Name: "host 3"}, + }, + }, tree) +} + +func TestAppProject_ValidateDestinationServiceAccount(t *testing.T) { + testData := []struct { + server string + namespace string + defaultServiceAccount string + expectedErrMsg string + }{ + { + // Given, a project + // When, a default destination service account with all valid fields is added to it, + // Then, there is no error. + server: "https://192.168.99.100:8443", + namespace: "test-ns", + defaultServiceAccount: "test-sa", + expectedErrMsg: "", + }, + { + // Given, a project + // When, a default destination service account with negation glob pattern for server is added, + // Then, there is an error with appropriate message. + server: "!abc", + namespace: "test-ns", + defaultServiceAccount: "test-sa", + expectedErrMsg: "server has an invalid format, '!abc'", + }, + { + // Given, a project + // When, a default destination service account with empty namespace is added to it, + // Then, there is no error. + server: "https://192.168.99.100:8443", + namespace: "", + defaultServiceAccount: "test-sa", + expectedErrMsg: "", + }, + { + // Given, a project, + // When, a default destination service account with negation glob pattern for server is added, + // Then, there is an error with appropriate message. + server: "!*", + namespace: "test-ns", + defaultServiceAccount: "test-sa", + expectedErrMsg: "server has an invalid format, '!*'", + }, + { + // Given, a project, + // When, a default destination service account with negation glob pattern for namespace is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "!*", + defaultServiceAccount: "test-sa", + expectedErrMsg: "namespace has an invalid format, '!*'", + }, + { + // Given, a project, + // When, a default destination service account with negation glob pattern for namespace is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "!abc", + defaultServiceAccount: "test-sa", + expectedErrMsg: "namespace has an invalid format, '!abc'", + }, + { + // Given, a project, + // When, a default destination service account with empty service account is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "test-ns", + defaultServiceAccount: "", + expectedErrMsg: "defaultServiceAccount has an invalid format, ''", + }, + { + // Given, a project, + // When, a default destination service account with service account having just white spaces is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "test-ns", + defaultServiceAccount: " ", + expectedErrMsg: "defaultServiceAccount has an invalid format, ' '", + }, + { + // Given, a project, + // When, a default destination service account with service account having backwards slash char is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "test-ns", + defaultServiceAccount: "test\\sa", + expectedErrMsg: "defaultServiceAccount has an invalid format, 'test\\sa'", + }, + { + // Given, a project, + // When, a default destination service account with service account having forward slash char is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "test-ns", + defaultServiceAccount: "test/sa", + expectedErrMsg: "defaultServiceAccount has an invalid format, 'test/sa'", + }, + { + // Given, a project, + // When, a default destination service account with service account having square braces char is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "test-ns", + defaultServiceAccount: "[test-sa]", + expectedErrMsg: "defaultServiceAccount has an invalid format, '[test-sa]'", + }, + { + // Given, a project, + // When, a default destination service account with service account having curly braces char is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "test-ns", + defaultServiceAccount: "{test-sa}", + expectedErrMsg: "defaultServiceAccount has an invalid format, '{test-sa}'", + }, + { + // Given, a project, + // When, a default destination service account with service account having curly braces char is added, + // Then, there is an error with appropriate message. + server: "[[ech*", + namespace: "test-ns", + defaultServiceAccount: "test-sa", + expectedErrMsg: "server has an invalid format, '[[ech*'", + }, + { + // Given, a project, + // When, a default destination service account with service account having curly braces char is added, + // Then, there is an error with appropriate message. + server: "https://192.168.99.100:8443", + namespace: "[[ech*", + defaultServiceAccount: "test-sa", + expectedErrMsg: "namespace has an invalid format, '[[ech*'", + }, + } + for _, data := range testData { + proj := AppProject{ + Spec: AppProjectSpec{ + DestinationServiceAccounts: []ApplicationDestinationServiceAccount{ + { + Server: data.server, + Namespace: data.namespace, + DefaultServiceAccount: data.defaultServiceAccount, + }, + }, + }, + } + err := proj.ValidateProject() + if data.expectedErrMsg == "" { + require.NoError(t, err) + } else { + require.ErrorContains(t, err, data.expectedErrMsg) + } + } +} diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 062baf1fb4b4c..7e3682c091e74 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -156,6 +156,11 @@ func (in *AppProjectSpec) DeepCopyInto(out *AppProjectSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.DestinationServiceAccounts != nil { + in, out := &in.DestinationServiceAccounts, &out.DestinationServiceAccounts + *out = make([]ApplicationDestinationServiceAccount, len(*in)) + copy(*out, *in) + } return } @@ -261,6 +266,22 @@ func (in *ApplicationDestination) DeepCopy() *ApplicationDestination { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationDestinationServiceAccount) DeepCopyInto(out *ApplicationDestinationServiceAccount) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationDestinationServiceAccount. +func (in *ApplicationDestinationServiceAccount) DeepCopy() *ApplicationDestinationServiceAccount { + if in == nil { + return nil + } + out := new(ApplicationDestinationServiceAccount) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationList) DeepCopyInto(out *ApplicationList) { *out = *in diff --git a/pkg/ratelimiter/ratelimiter.go b/pkg/ratelimiter/ratelimiter.go index 1c491a584873e..53536f7b39a62 100644 --- a/pkg/ratelimiter/ratelimiter.go +++ b/pkg/ratelimiter/ratelimiter.go @@ -35,10 +35,10 @@ func GetDefaultAppRateLimiterConfig() *AppControllerRateLimiterConfig { // NewCustomAppControllerRateLimiter is a constructor for the rate limiter for a workqueue used by app controller. It has // both overall and per-item rate limiting. The overall is a token bucket and the per-item is exponential(with auto resets) -func NewCustomAppControllerRateLimiter(cfg *AppControllerRateLimiterConfig) workqueue.RateLimiter { - return workqueue.NewMaxOfRateLimiter( +func NewCustomAppControllerRateLimiter(cfg *AppControllerRateLimiterConfig) workqueue.TypedRateLimiter[string] { + return workqueue.NewTypedMaxOfRateLimiter[string]( NewItemExponentialRateLimiterWithAutoReset(cfg.BaseDelay, cfg.MaxDelay, cfg.FailureCoolDown, cfg.BackoffFactor), - &workqueue.BucketRateLimiter{Limiter: rate.NewLimiter(rate.Limit(cfg.BucketQPS), int(cfg.BucketSize))}, + &workqueue.TypedBucketRateLimiter[string]{Limiter: rate.NewLimiter(rate.Limit(cfg.BucketQPS), int(cfg.BucketSize))}, ) } @@ -59,9 +59,9 @@ type ItemExponentialRateLimiterWithAutoReset struct { backoffFactor float64 } -var _ workqueue.RateLimiter = &ItemExponentialRateLimiterWithAutoReset{} +var _ workqueue.TypedRateLimiter[string] = &ItemExponentialRateLimiterWithAutoReset{} -func NewItemExponentialRateLimiterWithAutoReset(baseDelay, maxDelay, failureCoolDown time.Duration, backoffFactor float64) workqueue.RateLimiter { +func NewItemExponentialRateLimiterWithAutoReset(baseDelay, maxDelay, failureCoolDown time.Duration, backoffFactor float64) workqueue.TypedRateLimiter[string] { return &ItemExponentialRateLimiterWithAutoReset{ failures: map[interface{}]failureData{}, baseDelay: baseDelay, @@ -71,7 +71,7 @@ func NewItemExponentialRateLimiterWithAutoReset(baseDelay, maxDelay, failureCool } } -func (r *ItemExponentialRateLimiterWithAutoReset) When(item interface{}) time.Duration { +func (r *ItemExponentialRateLimiterWithAutoReset) When(item string) time.Duration { r.failuresLock.Lock() defer r.failuresLock.Unlock() @@ -109,14 +109,14 @@ func (r *ItemExponentialRateLimiterWithAutoReset) When(item interface{}) time.Du return calculated } -func (r *ItemExponentialRateLimiterWithAutoReset) NumRequeues(item interface{}) int { +func (r *ItemExponentialRateLimiterWithAutoReset) NumRequeues(item string) int { r.failuresLock.Lock() defer r.failuresLock.Unlock() return r.failures[item].failures } -func (r *ItemExponentialRateLimiterWithAutoReset) Forget(item interface{}) { +func (r *ItemExponentialRateLimiterWithAutoReset) Forget(item string) { r.failuresLock.Lock() defer r.failuresLock.Unlock() diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go index 23453a800ae52..11bccf550203d 100644 --- a/reposerver/apiclient/clientset.go +++ b/reposerver/apiclient/clientset.go @@ -21,8 +21,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/io" ) -//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=RepoServerServiceClient - // MaxGRPCMessageSize contains max grpc message size var MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 100, 0, math.MaxInt32) * 1024 * 1024 @@ -84,6 +82,7 @@ func NewConnection(address string, timeoutSeconds int, tlsConfig *TLSConfigurati opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials())) } + // nolint:staticcheck conn, err := grpc.Dial(address, opts...) if err != nil { log.Errorf("Unable to connect to repository service with address %s", address) diff --git a/reposerver/apiclient/mocks/RepoServerServiceClient.go b/reposerver/apiclient/mocks/RepoServerServiceClient.go index 3c560b32eafa4..4441ec3de2dd9 100644 --- a/reposerver/apiclient/mocks/RepoServerServiceClient.go +++ b/reposerver/apiclient/mocks/RepoServerServiceClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.40.2. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/reposerver/apiclient/mocks/RepoServerService_GenerateManifestWithFilesClient.go b/reposerver/apiclient/mocks/RepoServerService_GenerateManifestWithFilesClient.go index 79151a7ca1f58..eaed2fcb9e571 100644 --- a/reposerver/apiclient/mocks/RepoServerService_GenerateManifestWithFilesClient.go +++ b/reposerver/apiclient/mocks/RepoServerService_GenerateManifestWithFilesClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.13.1. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks @@ -21,7 +21,15 @@ type RepoServerService_GenerateManifestWithFilesClient struct { func (_m *RepoServerService_GenerateManifestWithFilesClient) CloseAndRecv() (*apiclient.ManifestResponse, error) { ret := _m.Called() + if len(ret) == 0 { + panic("no return value specified for CloseAndRecv") + } + var r0 *apiclient.ManifestResponse + var r1 error + if rf, ok := ret.Get(0).(func() (*apiclient.ManifestResponse, error)); ok { + return rf() + } if rf, ok := ret.Get(0).(func() *apiclient.ManifestResponse); ok { r0 = rf() } else { @@ -30,7 +38,6 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) CloseAndRecv() (*ap } } - var r1 error if rf, ok := ret.Get(1).(func() error); ok { r1 = rf() } else { @@ -44,6 +51,10 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) CloseAndRecv() (*ap func (_m *RepoServerService_GenerateManifestWithFilesClient) CloseSend() error { ret := _m.Called() + if len(ret) == 0 { + panic("no return value specified for CloseSend") + } + var r0 error if rf, ok := ret.Get(0).(func() error); ok { r0 = rf() @@ -58,6 +69,10 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) CloseSend() error { func (_m *RepoServerService_GenerateManifestWithFilesClient) Context() context.Context { ret := _m.Called() + if len(ret) == 0 { + panic("no return value specified for Context") + } + var r0 context.Context if rf, ok := ret.Get(0).(func() context.Context); ok { r0 = rf() @@ -74,7 +89,15 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) Context() context.C func (_m *RepoServerService_GenerateManifestWithFilesClient) Header() (metadata.MD, error) { ret := _m.Called() + if len(ret) == 0 { + panic("no return value specified for Header") + } + var r0 metadata.MD + var r1 error + if rf, ok := ret.Get(0).(func() (metadata.MD, error)); ok { + return rf() + } if rf, ok := ret.Get(0).(func() metadata.MD); ok { r0 = rf() } else { @@ -83,7 +106,6 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) Header() (metadata. } } - var r1 error if rf, ok := ret.Get(1).(func() error); ok { r1 = rf() } else { @@ -97,6 +119,10 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) Header() (metadata. func (_m *RepoServerService_GenerateManifestWithFilesClient) RecvMsg(m interface{}) error { ret := _m.Called(m) + if len(ret) == 0 { + panic("no return value specified for RecvMsg") + } + var r0 error if rf, ok := ret.Get(0).(func(interface{}) error); ok { r0 = rf(m) @@ -111,6 +137,10 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) RecvMsg(m interface func (_m *RepoServerService_GenerateManifestWithFilesClient) Send(_a0 *apiclient.ManifestRequestWithFiles) error { ret := _m.Called(_a0) + if len(ret) == 0 { + panic("no return value specified for Send") + } + var r0 error if rf, ok := ret.Get(0).(func(*apiclient.ManifestRequestWithFiles) error); ok { r0 = rf(_a0) @@ -125,6 +155,10 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) Send(_a0 *apiclient func (_m *RepoServerService_GenerateManifestWithFilesClient) SendMsg(m interface{}) error { ret := _m.Called(m) + if len(ret) == 0 { + panic("no return value specified for SendMsg") + } + var r0 error if rf, ok := ret.Get(0).(func(interface{}) error); ok { r0 = rf(m) @@ -139,6 +173,10 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) SendMsg(m interface func (_m *RepoServerService_GenerateManifestWithFilesClient) Trailer() metadata.MD { ret := _m.Called() + if len(ret) == 0 { + panic("no return value specified for Trailer") + } + var r0 metadata.MD if rf, ok := ret.Get(0).(func() metadata.MD); ok { r0 = rf() @@ -151,13 +189,12 @@ func (_m *RepoServerService_GenerateManifestWithFilesClient) Trailer() metadata. return r0 } -type mockConstructorTestingTNewRepoServerService_GenerateManifestWithFilesClient interface { +// NewRepoServerService_GenerateManifestWithFilesClient creates a new instance of RepoServerService_GenerateManifestWithFilesClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewRepoServerService_GenerateManifestWithFilesClient(t interface { mock.TestingT Cleanup(func()) -} - -// NewRepoServerService_GenerateManifestWithFilesClient creates a new instance of RepoServerService_GenerateManifestWithFilesClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewRepoServerService_GenerateManifestWithFilesClient(t mockConstructorTestingTNewRepoServerService_GenerateManifestWithFilesClient) *RepoServerService_GenerateManifestWithFilesClient { +}) *RepoServerService_GenerateManifestWithFilesClient { mock := &RepoServerService_GenerateManifestWithFilesClient{} mock.Mock.Test(t) diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 1b79360fa657b..b7f9d1efcd302 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -45,8 +45,10 @@ type ManifestRequest struct { // Deprecated: use sidecar plugins instead. Plugins []*v1alpha1.ConfigManagementPlugin `protobuf:"bytes,12,rep,name=plugins,proto3" json:"plugins,omitempty"` KustomizeOptions *v1alpha1.KustomizeOptions `protobuf:"bytes,13,opt,name=kustomizeOptions,proto3" json:"kustomizeOptions,omitempty"` - KubeVersion string `protobuf:"bytes,14,opt,name=kubeVersion,proto3" json:"kubeVersion,omitempty"` - ApiVersions []string `protobuf:"bytes,15,rep,name=apiVersions,proto3" json:"apiVersions,omitempty"` + // KubeVersion is the Kubernetes API version from the destination cluster. + KubeVersion string `protobuf:"bytes,14,opt,name=kubeVersion,proto3" json:"kubeVersion,omitempty"` + // ApiVersions is the list of API versions from the destination cluster, used for rendering Helm charts. + ApiVersions []string `protobuf:"bytes,15,rep,name=apiVersions,proto3" json:"apiVersions,omitempty"` // Request to verify the signature when generating the manifests (only for Git repositories) VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` @@ -60,7 +62,9 @@ type ManifestRequest struct { // This is used to surface "source not permitted" errors for Helm repositories ProjectSourceRepos []string `protobuf:"bytes,25,rep,name=projectSourceRepos,proto3" json:"projectSourceRepos,omitempty"` // This is used to surface "source not permitted" errors for Helm repositories - ProjectName string `protobuf:"bytes,26,opt,name=projectName,proto3" json:"projectName,omitempty"` + ProjectName string `protobuf:"bytes,26,opt,name=projectName,proto3" json:"projectName,omitempty"` + // Holds instance installation id + InstallationID string `protobuf:"bytes,27,opt,name=installationID,proto3" json:"installationID,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -260,6 +264,13 @@ func (m *ManifestRequest) GetProjectName() string { return "" } +func (m *ManifestRequest) GetInstallationID() string { + if m != nil { + return m.InstallationID + } + return "" +} + type ManifestRequestWithFiles struct { // Types that are valid to be assigned to Part: // *ManifestRequestWithFiles_Request @@ -905,10 +916,12 @@ type ManifestResponse struct { // A version of the application and its dependencies ApplicationVersions *ApplicationVersions `protobuf:"bytes,11,opt,name=applicationVersions,proto3" json:"applicationVersions,omitempty"` // for multisourced apps will be [0,12,20], so this means that 0-11 - from first app source, 12-19 from second one, 20-x - third one - SourcesManifestsStartingIdx []int32 `protobuf:"varint,12,rep,packed,name=sourcesManifestsStartingIdx,proto3" json:"sourcesManifestsStartingIdx,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + SourcesManifestsStartingIdx []int32 `protobuf:"varint,12,rep,packed,name=sourcesManifestsStartingIdx,proto3" json:"sourcesManifestsStartingIdx,omitempty"` + // Commands is the list of commands used to hydrate the manifests + Commands []string `protobuf:"bytes,13,rep,name=commands,proto3" json:"commands,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ManifestResponse) Reset() { *m = ManifestResponse{} } @@ -1021,6 +1034,13 @@ func (m *ManifestResponse) GetSourcesManifestsStartingIdx() []int32 { return nil } +func (m *ManifestResponse) GetCommands() []string { + if m != nil { + return m.Commands + } + return nil +} + type ListRefsRequest struct { Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -2448,6 +2468,7 @@ type UpdateRevisionForPathsRequest struct { Revision string `protobuf:"bytes,12,opt,name=revision,proto3" json:"revision,omitempty"` Paths []string `protobuf:"bytes,13,rep,name=paths,proto3" json:"paths,omitempty"` NoRevisionCache bool `protobuf:"varint,14,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` + InstallationID string `protobuf:"bytes,15,opt,name=installationID,proto3" json:"installationID,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2584,6 +2605,13 @@ func (m *UpdateRevisionForPathsRequest) GetNoRevisionCache() bool { return false } +func (m *UpdateRevisionForPathsRequest) GetInstallationID() string { + if m != nil { + return m.InstallationID + } + return "" +} + type UpdateRevisionForPathsResponse struct { Changes bool `protobuf:"varint,1,opt,name=changes,proto3" json:"changes,omitempty"` Revision string `protobuf:"bytes,2,opt,name=revision,proto3" json:"revision,omitempty"` @@ -2828,176 +2856,178 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2690 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x1a, 0x4d, 0x6f, 0x1c, 0x49, - 0xd5, 0xf3, 0xe9, 0x99, 0x37, 0xfe, 0xac, 0xd8, 0x4e, 0x67, 0x76, 0x63, 0xbc, 0xcd, 0x6e, 0xe4, - 0xf5, 0xee, 0xce, 0x60, 0xef, 0x27, 0xd9, 0xb0, 0xe0, 0x75, 0x12, 0x3b, 0x1f, 0x4e, 0xbc, 0x9d, - 0xec, 0xa2, 0x2c, 0x01, 0x54, 0xd3, 0x53, 0x9e, 0xe9, 0x4c, 0x7f, 0x54, 0xba, 0x7b, 0x9c, 0x75, - 0x24, 0x24, 0x24, 0x10, 0x1c, 0xb8, 0x23, 0xc1, 0x0d, 0xf1, 0x1b, 0x10, 0x47, 0x4e, 0x08, 0x4e, - 0x08, 0x71, 0x41, 0xe2, 0x02, 0xca, 0x2f, 0x41, 0xf5, 0xd1, 0xdd, 0xd5, 0x3d, 0xed, 0xb1, 0x17, - 0x27, 0x5e, 0xe0, 0x62, 0x57, 0xbd, 0x7e, 0xf5, 0xea, 0xd5, 0xfb, 0xaa, 0xf7, 0x5e, 0x0d, 0x5c, - 0xf2, 0x09, 0xf5, 0x02, 0xe2, 0x1f, 0x10, 0xbf, 0xcd, 0x87, 0x56, 0xe8, 0xf9, 0x87, 0xca, 0xb0, - 0x45, 0x7d, 0x2f, 0xf4, 0x10, 0x24, 0x90, 0xa6, 0x3e, 0xf8, 0x20, 0x68, 0x59, 0x5e, 0x1b, 0x53, - 0xab, 0x6d, 0x7a, 0x3e, 0x69, 0x1f, 0xac, 0xb7, 0x7b, 0xc4, 0x25, 0x3e, 0x0e, 0x49, 0x57, 0xe0, - 0x37, 0xdf, 0x49, 0x70, 0x1c, 0x6c, 0xf6, 0x2d, 0x97, 0xf8, 0x87, 0x6d, 0x3a, 0xe8, 0x31, 0x40, - 0xd0, 0x76, 0x48, 0x88, 0xf3, 0x56, 0xdd, 0xee, 0x59, 0x61, 0x7f, 0xd8, 0x69, 0x99, 0x9e, 0xd3, - 0xc6, 0x7e, 0xcf, 0xa3, 0xbe, 0xf7, 0x88, 0x0f, 0xde, 0x32, 0xbb, 0xed, 0x83, 0x8d, 0x84, 0x00, - 0xa6, 0xd4, 0xb6, 0x4c, 0x1c, 0x5a, 0x9e, 0xdb, 0x3e, 0x58, 0xc7, 0x36, 0xed, 0xe3, 0x51, 0x6a, - 0x2f, 0xf5, 0x3c, 0xaf, 0x67, 0x93, 0x36, 0x9f, 0x75, 0x86, 0xfb, 0x6d, 0xe2, 0xd0, 0x50, 0x1e, - 0x48, 0xff, 0xcb, 0x34, 0xcc, 0xee, 0x62, 0xd7, 0xda, 0x27, 0x41, 0x68, 0x90, 0xc7, 0x43, 0x12, - 0x84, 0xe8, 0x21, 0x94, 0xd9, 0x31, 0xb5, 0xc2, 0x4a, 0x61, 0xb5, 0xb1, 0xb1, 0xd3, 0x4a, 0xb8, - 0x69, 0x45, 0xdc, 0xf0, 0xc1, 0x0f, 0xcd, 0x6e, 0xeb, 0x60, 0xa3, 0x45, 0x07, 0xbd, 0x16, 0xe3, - 0xa6, 0xa5, 0x70, 0xd3, 0x8a, 0xb8, 0x69, 0x19, 0xb1, 0xc0, 0x0c, 0x4e, 0x15, 0x35, 0xa1, 0xe6, - 0x93, 0x03, 0x2b, 0xb0, 0x3c, 0x57, 0x2b, 0xae, 0x14, 0x56, 0xeb, 0x46, 0x3c, 0x47, 0x1a, 0x4c, - 0xba, 0xde, 0x16, 0x36, 0xfb, 0x44, 0x2b, 0xad, 0x14, 0x56, 0x6b, 0x46, 0x34, 0x45, 0x2b, 0xd0, - 0xc0, 0x94, 0xde, 0xc6, 0x1d, 0x62, 0xdf, 0x22, 0x87, 0x5a, 0x99, 0x2f, 0x54, 0x41, 0x6c, 0x2d, - 0xa6, 0xf4, 0x0e, 0x76, 0x88, 0x56, 0xe1, 0x5f, 0xa3, 0x29, 0x7a, 0x19, 0xea, 0x2e, 0x76, 0x48, - 0x40, 0xb1, 0x49, 0xb4, 0x1a, 0xff, 0x96, 0x00, 0xd0, 0x8f, 0x60, 0x5e, 0x61, 0xfc, 0x9e, 0x37, - 0xf4, 0x4d, 0xa2, 0x01, 0x3f, 0xfa, 0xdd, 0xd3, 0x1d, 0x7d, 0x33, 0x4b, 0xd6, 0x18, 0xdd, 0x09, - 0xfd, 0x00, 0x2a, 0xdc, 0xa6, 0xb4, 0xc6, 0x4a, 0xe9, 0xb9, 0x4a, 0x5b, 0x90, 0x45, 0x2e, 0x4c, - 0x52, 0x7b, 0xd8, 0xb3, 0xdc, 0x40, 0x9b, 0xe2, 0x3b, 0xdc, 0x3f, 0xdd, 0x0e, 0x5b, 0x9e, 0xbb, - 0x6f, 0xf5, 0x76, 0xb1, 0x8b, 0x7b, 0xc4, 0x21, 0x6e, 0xb8, 0xc7, 0x89, 0x1b, 0xd1, 0x26, 0xe8, - 0x29, 0xcc, 0x0d, 0x86, 0x41, 0xe8, 0x39, 0xd6, 0x53, 0x72, 0x97, 0xb2, 0xb5, 0x81, 0x36, 0xcd, - 0xa5, 0x79, 0xe7, 0x74, 0x1b, 0xdf, 0xca, 0x50, 0x35, 0x46, 0xf6, 0x61, 0x46, 0x32, 0x18, 0x76, - 0xc8, 0x67, 0xc4, 0xe7, 0xd6, 0x35, 0x23, 0x8c, 0x44, 0x01, 0x09, 0x33, 0xb2, 0xe4, 0x2c, 0xd0, - 0x66, 0x57, 0x4a, 0xc2, 0x8c, 0x62, 0x10, 0x5a, 0x85, 0xd9, 0x03, 0xe2, 0x5b, 0xfb, 0x87, 0xf7, - 0xac, 0x9e, 0x8b, 0xc3, 0xa1, 0x4f, 0xb4, 0x39, 0x6e, 0x8a, 0x59, 0x30, 0x72, 0x60, 0xba, 0x4f, - 0x6c, 0x87, 0x89, 0x7c, 0xcb, 0x27, 0xdd, 0x40, 0x9b, 0xe7, 0xf2, 0xdd, 0x3e, 0xbd, 0x06, 0x39, - 0x39, 0x23, 0x4d, 0x9d, 0x31, 0xe6, 0x7a, 0x86, 0xf4, 0x14, 0xe1, 0x23, 0x48, 0x30, 0x96, 0x01, - 0xa3, 0x4b, 0x30, 0x13, 0xfa, 0xd8, 0x1c, 0x58, 0x6e, 0x6f, 0x97, 0x84, 0x7d, 0xaf, 0xab, 0x9d, - 0xe3, 0x92, 0xc8, 0x40, 0x91, 0x09, 0x88, 0xb8, 0xb8, 0x63, 0x93, 0xae, 0xb0, 0xc5, 0xfb, 0x87, - 0x94, 0x04, 0xda, 0x02, 0x3f, 0xc5, 0xdb, 0x2d, 0x25, 0xf6, 0x65, 0x02, 0x44, 0xeb, 0xda, 0xc8, - 0xaa, 0x6b, 0x6e, 0xe8, 0x1f, 0x1a, 0x39, 0xe4, 0xd0, 0x00, 0x1a, 0xec, 0x1c, 0x91, 0x29, 0x2c, - 0x72, 0x53, 0xb8, 0x71, 0x3a, 0x19, 0xed, 0x24, 0x04, 0x0d, 0x95, 0x3a, 0x6a, 0x01, 0xea, 0xe3, - 0x60, 0x77, 0x68, 0x87, 0x16, 0xb5, 0x89, 0x60, 0x23, 0xd0, 0x96, 0xb8, 0x98, 0x72, 0xbe, 0xa0, - 0x5b, 0x00, 0x3e, 0xd9, 0x8f, 0xf0, 0xce, 0xf3, 0x93, 0xbf, 0x31, 0xee, 0xe4, 0x46, 0x8c, 0x2d, - 0x4e, 0xac, 0x2c, 0x47, 0x1d, 0x38, 0xa7, 0x70, 0xbb, 0x4b, 0x42, 0xdc, 0xc5, 0x21, 0xd6, 0x34, - 0x7e, 0xe2, 0x6f, 0xb4, 0xc4, 0x4d, 0xd0, 0x52, 0x6f, 0x82, 0xe4, 0x98, 0xec, 0x26, 0x68, 0x1d, - 0xac, 0xb7, 0xee, 0x76, 0x1e, 0x11, 0x33, 0x64, 0x6b, 0x8d, 0x3c, 0x62, 0xec, 0x80, 0x4c, 0x54, - 0xc4, 0x0c, 0x65, 0x44, 0xe1, 0xa1, 0xe3, 0x02, 0x37, 0xe3, 0x9c, 0x2f, 0xcc, 0xde, 0x25, 0x94, - 0x07, 0xc6, 0xa6, 0xf0, 0x08, 0x05, 0xd4, 0xbc, 0x06, 0xe7, 0x8f, 0x50, 0x27, 0x9a, 0x83, 0xd2, - 0x80, 0x1c, 0xf2, 0x6b, 0xa0, 0x6e, 0xb0, 0x21, 0x5a, 0x80, 0xca, 0x01, 0xb6, 0x87, 0x84, 0x07, - 0xee, 0x9a, 0x21, 0x26, 0x97, 0x8b, 0x1f, 0x14, 0x9a, 0x3f, 0x2b, 0xc0, 0x6c, 0x46, 0x38, 0x39, - 0xeb, 0xbf, 0xaf, 0xae, 0x7f, 0x0e, 0xae, 0xb2, 0x7f, 0x1f, 0xfb, 0x3d, 0x12, 0x2a, 0x8c, 0xe8, - 0x7f, 0x2b, 0x80, 0x96, 0xd1, 0xda, 0x77, 0xad, 0xb0, 0x7f, 0xdd, 0xb2, 0x49, 0x80, 0xde, 0x87, - 0x49, 0x5f, 0xc0, 0xe4, 0xe5, 0xf6, 0xd2, 0x18, 0x65, 0xef, 0x4c, 0x18, 0x11, 0x36, 0xfa, 0x08, - 0x6a, 0x4e, 0xa4, 0x50, 0xc1, 0xfb, 0x4a, 0xde, 0x4a, 0xb6, 0x4b, 0xa4, 0xab, 0x9d, 0x09, 0x23, - 0x5e, 0x83, 0xde, 0x85, 0x8a, 0xd9, 0x1f, 0xba, 0x03, 0x7e, 0xad, 0x35, 0x36, 0x2e, 0x1e, 0xb5, - 0x78, 0x8b, 0x21, 0xed, 0x4c, 0x18, 0x02, 0xfb, 0xe3, 0x2a, 0x94, 0x29, 0xf6, 0x43, 0xfd, 0x3a, - 0x2c, 0xe4, 0x6d, 0xc1, 0xee, 0x52, 0xb3, 0x4f, 0xcc, 0x41, 0x30, 0x74, 0xa4, 0x98, 0xe3, 0x39, - 0x42, 0x50, 0x0e, 0xac, 0xa7, 0x42, 0xd4, 0x25, 0x83, 0x8f, 0xf5, 0xd7, 0x61, 0x7e, 0x64, 0x37, - 0xa6, 0x54, 0xc1, 0x1b, 0xa3, 0x30, 0x25, 0xb7, 0xd6, 0x87, 0xb0, 0x78, 0x9f, 0xcb, 0x22, 0xbe, - 0x50, 0xce, 0x22, 0x3b, 0xd0, 0x77, 0x60, 0x29, 0xbb, 0x6d, 0x40, 0x3d, 0x37, 0x20, 0xcc, 0xf4, - 0x79, 0x04, 0xb6, 0x48, 0x37, 0xf9, 0xca, 0xb9, 0xa8, 0x19, 0x39, 0x5f, 0xf4, 0xdf, 0x16, 0x61, - 0xc9, 0x20, 0x81, 0x67, 0x1f, 0x90, 0x28, 0x3c, 0x9e, 0x4d, 0x82, 0xf3, 0x3d, 0x28, 0x61, 0x4a, - 0xa5, 0x99, 0xdc, 0x78, 0x6e, 0x29, 0x84, 0xc1, 0xa8, 0xa2, 0x37, 0x61, 0x1e, 0x3b, 0x1d, 0xab, - 0x37, 0xf4, 0x86, 0x41, 0x74, 0x2c, 0x6e, 0x54, 0x75, 0x63, 0xf4, 0x03, 0x73, 0xff, 0x80, 0x7b, - 0xe4, 0x0d, 0xb7, 0x4b, 0xbe, 0xe0, 0x59, 0x53, 0xc9, 0x50, 0x41, 0xba, 0x09, 0xe7, 0x47, 0x84, - 0x24, 0x05, 0xae, 0x26, 0x6a, 0x85, 0x4c, 0xa2, 0x96, 0xcb, 0x46, 0xf1, 0x08, 0x36, 0xf4, 0x1f, - 0x17, 0xa0, 0x16, 0xd9, 0x1d, 0x5a, 0x83, 0x39, 0xd3, 0x73, 0xa8, 0x65, 0x93, 0x6e, 0x04, 0x93, - 0xe4, 0x47, 0xe0, 0x8c, 0x7f, 0x1f, 0x3f, 0x89, 0xd1, 0xc4, 0x06, 0x2a, 0x88, 0x59, 0x39, 0xc5, - 0x61, 0x5f, 0x8a, 0x80, 0x8f, 0x19, 0xcc, 0xb6, 0x5c, 0xc2, 0x8f, 0x5b, 0x31, 0xf8, 0x58, 0xff, - 0x1c, 0xa6, 0xae, 0x12, 0x4a, 0xdc, 0x2e, 0x71, 0x4d, 0x8b, 0x04, 0x1c, 0xc7, 0x33, 0x07, 0x72, - 0x67, 0x3e, 0x66, 0xb0, 0x2e, 0xa1, 0x81, 0xdc, 0x86, 0x8f, 0x91, 0x0e, 0x53, 0x2c, 0x06, 0x58, - 0x3e, 0x4f, 0x76, 0x02, 0xb9, 0x4f, 0x0a, 0xa6, 0x07, 0x70, 0x4e, 0xd1, 0x53, 0x9c, 0x49, 0x2c, - 0x03, 0x60, 0x4a, 0xa3, 0x64, 0x44, 0x6c, 0xa4, 0x40, 0xd0, 0x15, 0x98, 0xea, 0x2a, 0x2c, 0x49, - 0x83, 0xd1, 0xd4, 0xd0, 0xa0, 0xb2, 0x6c, 0xa4, 0xb0, 0xf5, 0x9f, 0x97, 0x61, 0x2e, 0x09, 0x58, - 0x52, 0x65, 0x1b, 0x50, 0x77, 0x24, 0x2c, 0xd0, 0x0a, 0xfc, 0x3a, 0x5b, 0xc8, 0x8d, 0x70, 0x09, - 0x5a, 0x3a, 0x3b, 0x2e, 0x66, 0xb3, 0xe3, 0x25, 0xa8, 0x8a, 0xb2, 0x48, 0x9e, 0x5c, 0xce, 0x52, - 0xc6, 0x51, 0xce, 0x18, 0xc7, 0x32, 0x40, 0x10, 0xdf, 0x25, 0x5a, 0x55, 0x1c, 0x3c, 0x81, 0x30, - 0x99, 0x8a, 0x5c, 0xca, 0x20, 0xc1, 0xd0, 0x0e, 0xb5, 0x49, 0x21, 0x53, 0x15, 0x86, 0x5e, 0x85, - 0x69, 0xd3, 0x73, 0x1c, 0x2b, 0xdc, 0x25, 0x41, 0x80, 0x7b, 0x51, 0xde, 0x9e, 0x06, 0x32, 0x4a, - 0x02, 0xb0, 0x39, 0x0c, 0xfb, 0x9e, 0xaf, 0xd5, 0x05, 0x25, 0x15, 0x86, 0x6e, 0x02, 0x88, 0xf9, - 0x55, 0x1c, 0x46, 0x89, 0xfd, 0xda, 0xc9, 0x6e, 0xe3, 0xfb, 0x96, 0x43, 0x0c, 0x65, 0x35, 0xfa, - 0x24, 0x75, 0xc5, 0xc7, 0x69, 0x64, 0x83, 0x13, 0xfd, 0x9a, 0x2a, 0xe9, 0x1c, 0x83, 0x30, 0xf2, - 0xd6, 0xa2, 0xef, 0xc0, 0x4b, 0x42, 0x34, 0x41, 0xa4, 0x9c, 0xe0, 0x5e, 0x88, 0xfd, 0xd0, 0x72, - 0x7b, 0x37, 0xba, 0x5f, 0xf0, 0x9c, 0xbd, 0x62, 0x8c, 0x43, 0xd1, 0x3d, 0x98, 0xbd, 0x6d, 0x31, - 0x23, 0xd8, 0x0f, 0xce, 0x26, 0x46, 0xbf, 0x07, 0x65, 0xb6, 0x19, 0xb3, 0x81, 0x8e, 0x8f, 0x5d, - 0xb3, 0x4f, 0x84, 0xb1, 0xd5, 0x8d, 0x78, 0xce, 0x7c, 0x29, 0xc4, 0x3d, 0x66, 0xd4, 0x0c, 0xce, - 0xc7, 0xfa, 0xef, 0x8b, 0x82, 0xd3, 0x4d, 0x4a, 0x83, 0xaf, 0xbe, 0xd6, 0xcc, 0xcf, 0x7e, 0x4b, - 0xa3, 0xd9, 0x6f, 0x86, 0xe5, 0x2f, 0x93, 0xfd, 0x3e, 0xa7, 0xec, 0x4a, 0x1f, 0xc2, 0xe4, 0x26, - 0xa5, 0x8c, 0x11, 0xb4, 0x0e, 0x65, 0x4c, 0x69, 0xe4, 0xdd, 0x17, 0x33, 0x36, 0xc7, 0x50, 0xd8, - 0x7f, 0xc9, 0x12, 0x47, 0x6d, 0xbe, 0x0f, 0xf5, 0x18, 0x74, 0xdc, 0xb6, 0x75, 0x75, 0xdb, 0x15, - 0x00, 0x51, 0xde, 0xdd, 0x70, 0xf7, 0x3d, 0xa6, 0x52, 0x16, 0x17, 0xa2, 0x90, 0xc9, 0xc6, 0xfa, - 0xe5, 0x08, 0x83, 0xf3, 0xf6, 0x26, 0x54, 0xac, 0x90, 0x38, 0x11, 0x73, 0x4b, 0x2a, 0x73, 0x09, - 0x21, 0x43, 0x20, 0xe9, 0x7f, 0xaa, 0xc1, 0x05, 0xa6, 0xb1, 0x7b, 0x3c, 0xa2, 0x6c, 0x52, 0x7a, - 0x95, 0x84, 0xd8, 0xb2, 0x83, 0x4f, 0x86, 0xc4, 0x3f, 0x7c, 0xc1, 0x86, 0xd1, 0x83, 0xaa, 0x70, - 0x29, 0x19, 0x75, 0x9f, 0x7b, 0xa5, 0x2f, 0xc9, 0x27, 0xe5, 0x7d, 0xe9, 0xc5, 0x94, 0xf7, 0x79, - 0xe5, 0x76, 0xf9, 0x8c, 0xca, 0xed, 0xa3, 0x3b, 0x2e, 0x4a, 0x1f, 0xa7, 0x9a, 0xee, 0xe3, 0xe4, - 0x54, 0xb1, 0x93, 0x27, 0xad, 0x62, 0x6b, 0xb9, 0x55, 0xac, 0x93, 0xeb, 0xc7, 0x75, 0x2e, 0xee, - 0x6f, 0xa9, 0x16, 0x78, 0xa4, 0xad, 0x9d, 0xa6, 0x9e, 0x85, 0x17, 0x5a, 0xcf, 0x7e, 0x9a, 0xaa, - 0x4f, 0x45, 0x87, 0xe8, 0xdd, 0x93, 0x9d, 0x69, 0x4c, 0xa5, 0xfa, 0x7f, 0x57, 0xf3, 0xfd, 0x94, - 0xa7, 0xfa, 0xd4, 0x4b, 0x64, 0x10, 0x67, 0x44, 0xec, 0x1e, 0x62, 0x59, 0x88, 0x0c, 0x5a, 0x6c, - 0x8c, 0xde, 0x80, 0x32, 0x13, 0xb2, 0xac, 0xc5, 0xce, 0xab, 0xf2, 0x64, 0x9a, 0xd8, 0xa4, 0xf4, - 0x1e, 0x25, 0xa6, 0xc1, 0x91, 0xd0, 0x65, 0xa8, 0xc7, 0x86, 0x2f, 0x3d, 0xeb, 0x65, 0x75, 0x45, - 0xec, 0x27, 0xd1, 0xb2, 0x04, 0x9d, 0xad, 0xed, 0x5a, 0x3e, 0x31, 0x79, 0xa5, 0x52, 0x19, 0x5d, - 0x7b, 0x35, 0xfa, 0x18, 0xaf, 0x8d, 0xd1, 0xd1, 0x3a, 0x54, 0x45, 0x4b, 0x8d, 0x7b, 0x50, 0x63, - 0xe3, 0xc2, 0x68, 0x30, 0x8d, 0x56, 0x49, 0x44, 0xfd, 0x8f, 0x05, 0x78, 0x25, 0x31, 0x88, 0xc8, - 0x9b, 0xa2, 0x62, 0xf1, 0xab, 0xbf, 0x71, 0x2f, 0xc1, 0x0c, 0xaf, 0x4e, 0x93, 0xce, 0x9a, 0x68, - 0xf2, 0x66, 0xa0, 0xfa, 0xef, 0x0a, 0xf0, 0xda, 0xe8, 0x39, 0xb6, 0xfa, 0xd8, 0x0f, 0x63, 0xf5, - 0x9e, 0xc5, 0x59, 0xa2, 0x0b, 0xaf, 0x98, 0x5c, 0x78, 0xa9, 0xf3, 0x95, 0xd2, 0xe7, 0xd3, 0xff, - 0x50, 0x84, 0x86, 0x62, 0x40, 0x79, 0x17, 0x26, 0xcb, 0x8d, 0xb9, 0xdd, 0xf2, 0x7e, 0x04, 0xbf, - 0x14, 0xea, 0x86, 0x02, 0x41, 0x03, 0x00, 0x8a, 0x7d, 0xec, 0x90, 0x90, 0xf8, 0x2c, 0x92, 0x33, - 0x8f, 0xbf, 0x75, 0xfa, 0xe8, 0xb2, 0x17, 0xd1, 0x34, 0x14, 0xf2, 0x2c, 0xb9, 0xe7, 0x5b, 0x07, - 0x32, 0x7e, 0xcb, 0x19, 0x7a, 0x02, 0x33, 0xfb, 0x96, 0x4d, 0xf6, 0x12, 0x46, 0xaa, 0x9c, 0x91, - 0xbb, 0xa7, 0x67, 0xe4, 0xba, 0x4a, 0xd7, 0xc8, 0x6c, 0xa3, 0xaf, 0xc1, 0x5c, 0xd6, 0x9f, 0x18, - 0x93, 0x96, 0x83, 0x7b, 0xb1, 0xb4, 0xe4, 0x4c, 0x47, 0x30, 0x97, 0xf5, 0x1f, 0xfd, 0x9f, 0x45, - 0x58, 0x8c, 0xc9, 0x6d, 0xba, 0xae, 0x37, 0x74, 0x4d, 0x5e, 0xa4, 0xe5, 0xea, 0x62, 0x01, 0x2a, - 0xa1, 0x15, 0xda, 0x71, 0xe2, 0xc3, 0x27, 0xec, 0xee, 0x0a, 0x3d, 0xcf, 0x0e, 0x2d, 0x2a, 0x15, - 0x1c, 0x4d, 0x85, 0xee, 0x79, 0xdd, 0xd7, 0xe5, 0x91, 0xa0, 0x66, 0xc4, 0x73, 0xf6, 0x8d, 0x65, - 0x35, 0xbc, 0xe2, 0x11, 0xc2, 0x8c, 0xe7, 0xdc, 0xee, 0x3d, 0xdb, 0x26, 0x26, 0x13, 0x87, 0x52, - 0x13, 0x65, 0xa0, 0xbc, 0xd6, 0x0a, 0x7d, 0xcb, 0xed, 0xc9, 0x8a, 0x48, 0xce, 0x18, 0x9f, 0xd8, - 0xf7, 0xf1, 0xa1, 0x56, 0xe3, 0x02, 0x10, 0x13, 0x74, 0x05, 0x4a, 0x0e, 0xa6, 0xf2, 0xa2, 0x5b, - 0x4b, 0x45, 0x87, 0x3c, 0x09, 0xb4, 0x76, 0x31, 0x15, 0x37, 0x01, 0x5b, 0xd6, 0x7c, 0x8f, 0x55, - 0xe4, 0xf4, 0xcb, 0xa7, 0x84, 0x8f, 0x60, 0x3a, 0x15, 0x7c, 0xd0, 0x03, 0x58, 0x4a, 0x2c, 0x4a, - 0xdd, 0x50, 0x26, 0x81, 0xaf, 0x1c, 0xcb, 0x99, 0x71, 0x04, 0x01, 0xfd, 0x31, 0xcc, 0x33, 0x93, - 0xe1, 0x8e, 0x7f, 0x46, 0xa5, 0xcd, 0x87, 0x50, 0x8f, 0xb7, 0xcc, 0xb5, 0x99, 0x26, 0xd4, 0x0e, - 0xa2, 0xb2, 0x4f, 0xd4, 0x36, 0xf1, 0x5c, 0xdf, 0x04, 0xa4, 0xf2, 0x2b, 0x6f, 0xa0, 0x37, 0xd2, - 0x49, 0xf1, 0x62, 0xf6, 0xba, 0xe1, 0xe8, 0x51, 0x4e, 0xfc, 0xf7, 0x22, 0xcc, 0x6e, 0x5b, 0xbc, - 0x39, 0x77, 0x46, 0x41, 0x6e, 0x0d, 0xe6, 0x82, 0x61, 0xc7, 0xf1, 0xba, 0x43, 0x9b, 0xc8, 0xa4, - 0x40, 0xde, 0xf4, 0x23, 0xf0, 0x71, 0xc1, 0x2f, 0x6e, 0xc4, 0x94, 0x95, 0x46, 0xcc, 0x15, 0xb8, - 0x70, 0x87, 0x3c, 0x91, 0xe7, 0xd9, 0xb6, 0xbd, 0x4e, 0xc7, 0x72, 0x7b, 0xd1, 0x26, 0x15, 0xbe, - 0xc9, 0xd1, 0x08, 0x79, 0xa9, 0x62, 0x35, 0x3f, 0x55, 0x8c, 0x1b, 0x0a, 0x5b, 0xbc, 0x54, 0x97, - 0x19, 0x65, 0x0a, 0xa6, 0xff, 0xa4, 0x00, 0x73, 0x89, 0x64, 0xa5, 0x6e, 0xde, 0x17, 0x3e, 0x24, - 0x34, 0xf3, 0x9a, 0xaa, 0x99, 0x2c, 0xea, 0x7f, 0xee, 0x3e, 0x53, 0xaa, 0xfb, 0xfc, 0xa2, 0x08, - 0x8b, 0xdb, 0x56, 0x18, 0x05, 0x2e, 0xeb, 0x7f, 0x4d, 0xcb, 0x39, 0x3a, 0x29, 0x9f, 0x4c, 0x27, - 0x95, 0x1c, 0x9d, 0xb4, 0x60, 0x29, 0x2b, 0x0c, 0xa9, 0x98, 0x05, 0xa8, 0x30, 0x0b, 0x8a, 0xfa, - 0x0a, 0x62, 0xa2, 0xff, 0xa3, 0x0a, 0x17, 0x3f, 0xa5, 0x5d, 0x1c, 0xc6, 0xcd, 0xca, 0xeb, 0x9e, - 0xbf, 0xc7, 0x3e, 0x9d, 0x8d, 0x14, 0x33, 0x8f, 0xd0, 0xc5, 0xb1, 0x8f, 0xd0, 0xa5, 0x31, 0x8f, - 0xd0, 0xe5, 0x13, 0x3d, 0x42, 0x57, 0xce, 0xec, 0x11, 0x7a, 0xb4, 0xd6, 0xaa, 0xe6, 0xd6, 0x5a, - 0x0f, 0x52, 0xf5, 0xc8, 0x24, 0x77, 0x9b, 0x6f, 0xaa, 0x6e, 0x33, 0x56, 0x3b, 0x63, 0x5f, 0xcf, - 0x32, 0x6f, 0xb7, 0xb5, 0x63, 0xdf, 0x6e, 0xeb, 0xa3, 0x6f, 0xb7, 0xf9, 0xcf, 0x7f, 0x70, 0xe4, - 0xf3, 0xdf, 0x25, 0x98, 0x09, 0x0e, 0x5d, 0x93, 0x74, 0xe3, 0x16, 0x76, 0x43, 0x1c, 0x3b, 0x0d, - 0x4d, 0x79, 0xc4, 0x54, 0xc6, 0x23, 0x62, 0x4b, 0x9d, 0x56, 0x2c, 0x35, 0xcf, 0x4f, 0x66, 0x72, - 0xfd, 0xe4, 0xbf, 0xa7, 0x88, 0xfa, 0x0c, 0x96, 0x8f, 0xd2, 0x9e, 0x74, 0x4a, 0x0d, 0x26, 0xcd, - 0x3e, 0x76, 0x7b, 0xbc, 0xdd, 0xc7, 0xab, 0x7a, 0x39, 0x1d, 0x97, 0xf5, 0xeb, 0xbf, 0x2a, 0xc2, - 0xe2, 0x16, 0xc7, 0xcb, 0x3e, 0xc3, 0x28, 0xce, 0x52, 0x18, 0xe3, 0x2c, 0x23, 0x3d, 0xe9, 0x55, - 0x98, 0x35, 0x87, 0xbe, 0xcf, 0x52, 0x87, 0x74, 0x9c, 0xca, 0x82, 0x59, 0xd8, 0xa3, 0x8c, 0x11, - 0xf5, 0x95, 0x42, 0xf8, 0xde, 0x08, 0x3c, 0x51, 0x64, 0x45, 0x55, 0x64, 0x14, 0x50, 0xaa, 0x2f, - 0x24, 0xdd, 0x78, 0x07, 0x96, 0xb2, 0xa2, 0x39, 0xfe, 0xf1, 0x65, 0xe3, 0x37, 0x0d, 0x98, 0x4f, - 0xea, 0x23, 0xf6, 0xd7, 0x32, 0x09, 0xba, 0x0b, 0x73, 0xdb, 0xf2, 0x97, 0x3f, 0xf1, 0xeb, 0xc8, - 0xb8, 0xe7, 0xcd, 0xe6, 0xcb, 0xf9, 0x1f, 0x05, 0x03, 0xfa, 0x04, 0x32, 0xe1, 0x42, 0x96, 0x60, - 0xf2, 0x92, 0xfa, 0xea, 0x18, 0xca, 0x31, 0xd6, 0x71, 0x5b, 0xac, 0x16, 0xd0, 0x03, 0x98, 0x49, - 0xbf, 0xf7, 0xa1, 0x54, 0xc2, 0x98, 0xfb, 0x04, 0xd9, 0xd4, 0xc7, 0xa1, 0xc4, 0xfc, 0x3f, 0x64, - 0x8e, 0x95, 0x7a, 0xda, 0x42, 0x7a, 0xba, 0x77, 0x92, 0xf7, 0x38, 0xd8, 0xfc, 0xfa, 0x58, 0x9c, - 0x98, 0xfa, 0x87, 0x50, 0x8b, 0xba, 0xee, 0x69, 0x31, 0x67, 0x7a, 0xf1, 0xcd, 0xb9, 0x34, 0xbd, - 0xfd, 0x40, 0x9f, 0x40, 0x1f, 0x89, 0xc5, 0x9b, 0x94, 0xe6, 0x2c, 0x56, 0x7a, 0xcd, 0xcd, 0x73, - 0x39, 0xfd, 0x5d, 0x7d, 0x02, 0x7d, 0x1b, 0x1a, 0x6c, 0xb4, 0x27, 0x7f, 0x73, 0xb3, 0xd4, 0x12, - 0x3f, 0xf1, 0x6a, 0x45, 0x3f, 0xf1, 0x6a, 0x5d, 0x73, 0x68, 0x78, 0xd8, 0xcc, 0x69, 0xc0, 0x4a, - 0x02, 0x0f, 0x61, 0x7a, 0x9b, 0x84, 0x49, 0xbf, 0x04, 0xbd, 0x76, 0xa2, 0xae, 0x52, 0x53, 0xcf, - 0xa2, 0x8d, 0xb6, 0x5c, 0xf4, 0x09, 0xf4, 0xcb, 0x02, 0x9c, 0xdb, 0x26, 0x61, 0xb6, 0x03, 0x81, - 0xde, 0xca, 0xdf, 0xe4, 0x88, 0x4e, 0x45, 0xf3, 0xce, 0x69, 0xbd, 0x2d, 0x4d, 0x56, 0x9f, 0x40, - 0xbf, 0x2e, 0xc0, 0x79, 0x85, 0x31, 0xb5, 0xa5, 0x80, 0xd6, 0xc7, 0x33, 0x97, 0xd3, 0x7e, 0x68, - 0xde, 0x3c, 0xe5, 0x4f, 0xa9, 0x14, 0x92, 0xfa, 0x04, 0xda, 0xe3, 0x3a, 0x49, 0x2a, 0x08, 0x74, - 0x31, 0xb7, 0x54, 0x88, 0x77, 0x5f, 0x3e, 0xea, 0x73, 0xac, 0x87, 0x9b, 0xd0, 0xd8, 0x26, 0x61, - 0x94, 0xca, 0xa6, 0x2d, 0x2d, 0x53, 0x65, 0xa4, 0x5d, 0x35, 0x9b, 0xfd, 0x72, 0x8b, 0x99, 0x17, - 0xb4, 0x94, 0x74, 0x2d, 0xed, 0xab, 0xb9, 0x79, 0x6d, 0xda, 0x62, 0xf2, 0xb3, 0x3d, 0x7d, 0x02, - 0x3d, 0x86, 0xa5, 0xfc, 0xcb, 0x07, 0xbd, 0x7e, 0xe2, 0xf4, 0xa2, 0xb9, 0x76, 0x12, 0xd4, 0xcc, - 0x81, 0xd2, 0xe1, 0x37, 0x7d, 0xa0, 0xdc, 0x5b, 0x2b, 0x7d, 0xa0, 0xfc, 0xe8, 0xad, 0x4f, 0x7c, - 0xbc, 0xf9, 0xe7, 0x67, 0xcb, 0x85, 0xbf, 0x3e, 0x5b, 0x2e, 0xfc, 0xeb, 0xd9, 0x72, 0xe1, 0xf3, - 0xb7, 0x8f, 0xf9, 0x41, 0xa7, 0xf2, 0xeb, 0x53, 0x4c, 0x2d, 0xd3, 0xb6, 0x88, 0x1b, 0x76, 0xaa, - 0xdc, 0x9b, 0xdf, 0xfe, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0x2a, 0xb4, 0x26, 0x19, 0x9c, 0x2a, - 0x00, 0x00, + // 2728 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x1a, 0x4d, 0x73, 0x1c, 0x47, + 0x55, 0xfb, 0x25, 0xed, 0xbe, 0xd5, 0x67, 0xdb, 0x96, 0xc7, 0xeb, 0x58, 0x28, 0x43, 0xe2, 0x72, + 0x9c, 0x64, 0x17, 0x29, 0x9f, 0x24, 0x21, 0xa0, 0xc8, 0xb6, 0xa4, 0x38, 0xb2, 0x95, 0xb1, 0x13, + 0x2a, 0x21, 0x40, 0xf5, 0xce, 0xb6, 0x76, 0x27, 0x3b, 0x1f, 0x9d, 0x99, 0x5e, 0x25, 0x4a, 0x15, + 0x55, 0x14, 0x50, 0x5c, 0xb8, 0x53, 0x05, 0x37, 0x2a, 0xbf, 0x81, 0xe2, 0xc8, 0x89, 0x82, 0x23, + 0xc5, 0x85, 0x23, 0x54, 0x7e, 0x04, 0x67, 0xaa, 0x3f, 0x66, 0xa6, 0x67, 0x76, 0x76, 0xa5, 0x20, + 0x5b, 0x01, 0x2e, 0x52, 0xf7, 0x9b, 0xee, 0xf7, 0x5e, 0xbf, 0xaf, 0x7e, 0xef, 0xf5, 0xc2, 0xf5, + 0x90, 0xd0, 0x20, 0x22, 0xe1, 0x11, 0x09, 0x3b, 0x62, 0xe8, 0xb0, 0x20, 0x3c, 0xd6, 0x86, 0x6d, + 0x1a, 0x06, 0x2c, 0x40, 0x90, 0x42, 0x5a, 0xe6, 0xf0, 0xd5, 0xa8, 0xed, 0x04, 0x1d, 0x4c, 0x9d, + 0x8e, 0x1d, 0x84, 0xa4, 0x73, 0xb4, 0xd1, 0xe9, 0x13, 0x9f, 0x84, 0x98, 0x91, 0x9e, 0x5c, 0xdf, + 0x7a, 0x31, 0x5d, 0xe3, 0x61, 0x7b, 0xe0, 0xf8, 0x24, 0x3c, 0xee, 0xd0, 0x61, 0x9f, 0x03, 0xa2, + 0x8e, 0x47, 0x18, 0x2e, 0xda, 0xf5, 0x4e, 0xdf, 0x61, 0x83, 0x51, 0xb7, 0x6d, 0x07, 0x5e, 0x07, + 0x87, 0xfd, 0x80, 0x86, 0xc1, 0xc7, 0x62, 0xf0, 0xbc, 0xdd, 0xeb, 0x1c, 0x6d, 0xa6, 0x08, 0x30, + 0xa5, 0xae, 0x63, 0x63, 0xe6, 0x04, 0x7e, 0xe7, 0x68, 0x03, 0xbb, 0x74, 0x80, 0xc7, 0xb1, 0x5d, + 0xed, 0x07, 0x41, 0xdf, 0x25, 0x1d, 0x31, 0xeb, 0x8e, 0x0e, 0x3b, 0xc4, 0xa3, 0x4c, 0x1d, 0xc8, + 0xfc, 0xd7, 0x02, 0x2c, 0xed, 0x63, 0xdf, 0x39, 0x24, 0x11, 0xb3, 0xc8, 0x27, 0x23, 0x12, 0x31, + 0xf4, 0x11, 0x54, 0xf9, 0x31, 0x8d, 0xd2, 0x7a, 0xe9, 0x46, 0x73, 0x73, 0xb7, 0x9d, 0x72, 0xd3, + 0x8e, 0xb9, 0x11, 0x83, 0x1f, 0xdb, 0xbd, 0xf6, 0xd1, 0x66, 0x9b, 0x0e, 0xfb, 0x6d, 0xce, 0x4d, + 0x5b, 0xe3, 0xa6, 0x1d, 0x73, 0xd3, 0xb6, 0x12, 0x81, 0x59, 0x02, 0x2b, 0x6a, 0x41, 0x3d, 0x24, + 0x47, 0x4e, 0xe4, 0x04, 0xbe, 0x51, 0x5e, 0x2f, 0xdd, 0x68, 0x58, 0xc9, 0x1c, 0x19, 0x30, 0xe7, + 0x07, 0xdb, 0xd8, 0x1e, 0x10, 0xa3, 0xb2, 0x5e, 0xba, 0x51, 0xb7, 0xe2, 0x29, 0x5a, 0x87, 0x26, + 0xa6, 0xf4, 0x1d, 0xdc, 0x25, 0xee, 0x5d, 0x72, 0x6c, 0x54, 0xc5, 0x46, 0x1d, 0xc4, 0xf7, 0x62, + 0x4a, 0xef, 0x61, 0x8f, 0x18, 0x35, 0xf1, 0x35, 0x9e, 0xa2, 0x27, 0xa0, 0xe1, 0x63, 0x8f, 0x44, + 0x14, 0xdb, 0xc4, 0xa8, 0x8b, 0x6f, 0x29, 0x00, 0xfd, 0x04, 0x56, 0x34, 0xc6, 0x1f, 0x04, 0xa3, + 0xd0, 0x26, 0x06, 0x88, 0xa3, 0xdf, 0x3f, 0xdb, 0xd1, 0xb7, 0xf2, 0x68, 0xad, 0x71, 0x4a, 0xe8, + 0x47, 0x50, 0x13, 0x36, 0x65, 0x34, 0xd7, 0x2b, 0x8f, 0x54, 0xda, 0x12, 0x2d, 0xf2, 0x61, 0x8e, + 0xba, 0xa3, 0xbe, 0xe3, 0x47, 0xc6, 0xbc, 0xa0, 0xf0, 0xf0, 0x6c, 0x14, 0xb6, 0x03, 0xff, 0xd0, + 0xe9, 0xef, 0x63, 0x1f, 0xf7, 0x89, 0x47, 0x7c, 0x76, 0x20, 0x90, 0x5b, 0x31, 0x11, 0xf4, 0x39, + 0x2c, 0x0f, 0x47, 0x11, 0x0b, 0x3c, 0xe7, 0x73, 0x72, 0x9f, 0xf2, 0xbd, 0x91, 0xb1, 0x20, 0xa4, + 0x79, 0xef, 0x6c, 0x84, 0xef, 0xe6, 0xb0, 0x5a, 0x63, 0x74, 0xb8, 0x91, 0x0c, 0x47, 0x5d, 0xf2, + 0x3e, 0x09, 0x85, 0x75, 0x2d, 0x4a, 0x23, 0xd1, 0x40, 0xd2, 0x8c, 0x1c, 0x35, 0x8b, 0x8c, 0xa5, + 0xf5, 0x8a, 0x34, 0xa3, 0x04, 0x84, 0x6e, 0xc0, 0xd2, 0x11, 0x09, 0x9d, 0xc3, 0xe3, 0x07, 0x4e, + 0xdf, 0xc7, 0x6c, 0x14, 0x12, 0x63, 0x59, 0x98, 0x62, 0x1e, 0x8c, 0x3c, 0x58, 0x18, 0x10, 0xd7, + 0xe3, 0x22, 0xdf, 0x0e, 0x49, 0x2f, 0x32, 0x56, 0x84, 0x7c, 0x77, 0xce, 0xae, 0x41, 0x81, 0xce, + 0xca, 0x62, 0xe7, 0x8c, 0xf9, 0x81, 0xa5, 0x3c, 0x45, 0xfa, 0x08, 0x92, 0x8c, 0xe5, 0xc0, 0xe8, + 0x3a, 0x2c, 0xb2, 0x10, 0xdb, 0x43, 0xc7, 0xef, 0xef, 0x13, 0x36, 0x08, 0x7a, 0xc6, 0x05, 0x21, + 0x89, 0x1c, 0x14, 0xd9, 0x80, 0x88, 0x8f, 0xbb, 0x2e, 0xe9, 0x49, 0x5b, 0x7c, 0x78, 0x4c, 0x49, + 0x64, 0x5c, 0x14, 0xa7, 0x78, 0xa1, 0xad, 0xc5, 0xbe, 0x5c, 0x80, 0x68, 0xdf, 0x1e, 0xdb, 0x75, + 0xdb, 0x67, 0xe1, 0xb1, 0x55, 0x80, 0x0e, 0x0d, 0xa1, 0xc9, 0xcf, 0x11, 0x9b, 0xc2, 0x25, 0x61, + 0x0a, 0x7b, 0x67, 0x93, 0xd1, 0x6e, 0x8a, 0xd0, 0xd2, 0xb1, 0xa3, 0x36, 0xa0, 0x01, 0x8e, 0xf6, + 0x47, 0x2e, 0x73, 0xa8, 0x4b, 0x24, 0x1b, 0x91, 0xb1, 0x2a, 0xc4, 0x54, 0xf0, 0x05, 0xdd, 0x05, + 0x08, 0xc9, 0x61, 0xbc, 0xee, 0xb2, 0x38, 0xf9, 0xb3, 0xd3, 0x4e, 0x6e, 0x25, 0xab, 0xe5, 0x89, + 0xb5, 0xed, 0xa8, 0x0b, 0x17, 0x34, 0x6e, 0xf7, 0x09, 0xc3, 0x3d, 0xcc, 0xb0, 0x61, 0x88, 0x13, + 0x7f, 0xab, 0x2d, 0x6f, 0x82, 0xb6, 0x7e, 0x13, 0xa4, 0xc7, 0xe4, 0x37, 0x41, 0xfb, 0x68, 0xa3, + 0x7d, 0xbf, 0xfb, 0x31, 0xb1, 0x19, 0xdf, 0x6b, 0x15, 0x21, 0xe3, 0x07, 0xe4, 0xa2, 0x22, 0x36, + 0x53, 0x11, 0x45, 0x84, 0x8e, 0x2b, 0xc2, 0x8c, 0x0b, 0xbe, 0x70, 0x7b, 0x57, 0x50, 0x11, 0x18, + 0x5b, 0xd2, 0x23, 0x34, 0x10, 0x37, 0x16, 0xc7, 0x8f, 0x18, 0x76, 0x5d, 0x41, 0x69, 0xef, 0x96, + 0x71, 0x55, 0x1a, 0x4b, 0x16, 0xda, 0xba, 0x0d, 0x97, 0x27, 0xa8, 0x1d, 0x2d, 0x43, 0x65, 0x48, + 0x8e, 0xc5, 0x75, 0xd1, 0xb0, 0xf8, 0x10, 0x5d, 0x84, 0xda, 0x11, 0x76, 0x47, 0x44, 0x04, 0xf8, + 0xba, 0x25, 0x27, 0xaf, 0x95, 0x5f, 0x2d, 0xb5, 0x7e, 0x59, 0x82, 0xa5, 0x9c, 0x10, 0x0b, 0xf6, + 0xff, 0x50, 0xdf, 0xff, 0x08, 0x5c, 0xea, 0xf0, 0x21, 0x0e, 0xfb, 0x84, 0x69, 0x8c, 0x98, 0x7f, + 0x2b, 0x81, 0x91, 0xd3, 0xee, 0xf7, 0x1d, 0x36, 0xb8, 0xe3, 0xb8, 0x24, 0x42, 0xaf, 0xc0, 0x5c, + 0x28, 0x61, 0xea, 0x12, 0xbc, 0x3a, 0xc5, 0x28, 0x76, 0x67, 0xac, 0x78, 0x35, 0x7a, 0x13, 0xea, + 0x5e, 0xac, 0x78, 0xc9, 0xfb, 0x7a, 0xd1, 0x4e, 0x4e, 0x25, 0xd6, 0xe9, 0xee, 0x8c, 0x95, 0xec, + 0x41, 0x2f, 0x41, 0xcd, 0x1e, 0x8c, 0xfc, 0xa1, 0xb8, 0xfe, 0x9a, 0x9b, 0xd7, 0x26, 0x6d, 0xde, + 0xe6, 0x8b, 0x76, 0x67, 0x2c, 0xb9, 0xfa, 0xad, 0x59, 0xa8, 0x52, 0x1c, 0x32, 0xf3, 0x0e, 0x5c, + 0x2c, 0x22, 0xc1, 0xef, 0x5c, 0x7b, 0x40, 0xec, 0x61, 0x34, 0xf2, 0x94, 0x98, 0x93, 0x39, 0x42, + 0x50, 0x8d, 0x9c, 0xcf, 0xa5, 0xa8, 0x2b, 0x96, 0x18, 0x9b, 0xcf, 0xc0, 0xca, 0x18, 0x35, 0xae, + 0x54, 0xc9, 0x1b, 0xc7, 0x30, 0xaf, 0x48, 0x9b, 0x23, 0xb8, 0xf4, 0x50, 0xc8, 0x22, 0xb9, 0x78, + 0xce, 0x23, 0x8b, 0x30, 0x77, 0x61, 0x35, 0x4f, 0x36, 0xa2, 0x81, 0x1f, 0x11, 0xee, 0x22, 0x22, + 0x52, 0x3b, 0xa4, 0x97, 0x7e, 0x15, 0x5c, 0xd4, 0xad, 0x82, 0x2f, 0xe6, 0x17, 0x65, 0x58, 0xb5, + 0x48, 0x14, 0xb8, 0x47, 0x24, 0x0e, 0xa3, 0xe7, 0x93, 0x08, 0xfd, 0x00, 0x2a, 0x98, 0x52, 0x65, + 0x26, 0x7b, 0x8f, 0x2c, 0xd5, 0xb0, 0x38, 0x56, 0xf4, 0x1c, 0xac, 0x60, 0xaf, 0xeb, 0xf4, 0x47, + 0xc1, 0x28, 0x8a, 0x8f, 0x25, 0x8c, 0xaa, 0x61, 0x8d, 0x7f, 0xe0, 0x61, 0x22, 0x12, 0x1e, 0xb9, + 0xe7, 0xf7, 0xc8, 0x67, 0x22, 0xbb, 0xaa, 0x58, 0x3a, 0xc8, 0xb4, 0xe1, 0xf2, 0x98, 0x90, 0x94, + 0xc0, 0xf5, 0x84, 0xae, 0x94, 0x4b, 0xe8, 0x0a, 0xd9, 0x28, 0x4f, 0x60, 0xc3, 0xfc, 0x69, 0x09, + 0xea, 0xb1, 0xdd, 0xa1, 0x9b, 0xb0, 0x6c, 0x07, 0x1e, 0x75, 0x5c, 0xd2, 0x8b, 0x61, 0x0a, 0xfd, + 0x18, 0x9c, 0xf3, 0x1f, 0xe2, 0x4f, 0x93, 0x65, 0x92, 0x80, 0x0e, 0xe2, 0x56, 0x4e, 0x31, 0x1b, + 0x28, 0x11, 0x88, 0x31, 0x87, 0xb9, 0x8e, 0x4f, 0xc4, 0x71, 0x6b, 0x96, 0x18, 0x9b, 0x1f, 0xc2, + 0xfc, 0x2d, 0x42, 0x89, 0xdf, 0x23, 0xbe, 0xed, 0x90, 0x48, 0xac, 0x09, 0xec, 0xa1, 0xa2, 0x2c, + 0xc6, 0x1c, 0xd6, 0x23, 0x34, 0x52, 0x64, 0xc4, 0x18, 0x99, 0x30, 0xcf, 0x63, 0x80, 0x13, 0x8a, + 0xa4, 0x28, 0x52, 0x74, 0x32, 0x30, 0x33, 0x82, 0x0b, 0x9a, 0x9e, 0x92, 0x8c, 0x63, 0x0d, 0x00, + 0x53, 0x1a, 0x27, 0x2d, 0x92, 0x90, 0x06, 0x41, 0x6f, 0xc0, 0x7c, 0x4f, 0x63, 0x49, 0x19, 0x8c, + 0xa1, 0x87, 0x06, 0x9d, 0x65, 0x2b, 0xb3, 0xda, 0xfc, 0xa2, 0x0a, 0xcb, 0x69, 0xc0, 0x52, 0x2a, + 0xdb, 0x84, 0x86, 0xa7, 0x60, 0x91, 0x51, 0x12, 0xd7, 0xde, 0xc5, 0xc2, 0x08, 0x97, 0x2e, 0xcb, + 0x66, 0xd1, 0xe5, 0x7c, 0x16, 0xbd, 0x0a, 0xb3, 0xb2, 0x7c, 0x52, 0x27, 0x57, 0xb3, 0x8c, 0x71, + 0x54, 0x73, 0xc6, 0xb1, 0x06, 0x10, 0x25, 0x77, 0x89, 0x31, 0x2b, 0x0f, 0x9e, 0x42, 0xb8, 0x4c, + 0x65, 0xce, 0x65, 0x91, 0x68, 0xe4, 0x32, 0x63, 0x4e, 0xca, 0x54, 0x87, 0xa1, 0xa7, 0x60, 0xc1, + 0x0e, 0x3c, 0xcf, 0x61, 0xfb, 0x24, 0x8a, 0x70, 0x3f, 0xce, 0xef, 0xb3, 0x40, 0x8e, 0x49, 0x02, + 0xb6, 0x46, 0x6c, 0x10, 0x84, 0x46, 0x43, 0x62, 0xd2, 0x61, 0xe8, 0x6d, 0x00, 0x39, 0xbf, 0x85, + 0x59, 0x5c, 0x00, 0xdc, 0x3c, 0xdd, 0xad, 0xfd, 0xd0, 0xf1, 0x88, 0xa5, 0xed, 0x46, 0xef, 0x66, + 0x52, 0x81, 0x24, 0xdd, 0x6c, 0x0a, 0xa4, 0xdf, 0xd0, 0x25, 0x5d, 0x60, 0x10, 0x56, 0xd1, 0x5e, + 0xf4, 0x3d, 0xb8, 0x2a, 0x45, 0x13, 0xc5, 0xca, 0x89, 0x1e, 0x30, 0x1c, 0x32, 0xc7, 0xef, 0xef, + 0xf5, 0x3e, 0x13, 0xb9, 0x7d, 0xcd, 0x9a, 0xb6, 0x44, 0x5c, 0x02, 0x81, 0xe7, 0x61, 0xbf, 0xc7, + 0x33, 0xf2, 0x8a, 0xb8, 0x04, 0xd4, 0xdc, 0x0c, 0x60, 0xe9, 0x1d, 0x87, 0x1b, 0xc8, 0x61, 0x74, + 0x3e, 0xf1, 0xfb, 0x65, 0xa8, 0x72, 0x62, 0x9c, 0xa9, 0x6e, 0x88, 0x7d, 0x7b, 0x40, 0xa4, 0x21, + 0x36, 0xac, 0x64, 0xce, 0xfd, 0x8c, 0xe1, 0x3e, 0x37, 0x78, 0x0e, 0x17, 0x63, 0xf3, 0x0f, 0x65, + 0xc9, 0xe9, 0x16, 0xa5, 0xd1, 0xd7, 0x5f, 0xaf, 0x16, 0x67, 0xd0, 0x95, 0xf1, 0x0c, 0x3a, 0xc7, + 0xf2, 0x57, 0xc9, 0xa0, 0x1f, 0x51, 0xe6, 0x65, 0x8e, 0x60, 0x6e, 0x8b, 0x52, 0xce, 0x08, 0xda, + 0x80, 0x2a, 0xa6, 0x34, 0xf6, 0xfc, 0x6b, 0x39, 0x7b, 0xe4, 0x4b, 0xf8, 0x7f, 0xc5, 0x92, 0x58, + 0xda, 0x7a, 0x05, 0x1a, 0x09, 0xe8, 0x24, 0xb2, 0x0d, 0x9d, 0xec, 0x3a, 0x80, 0x2c, 0x11, 0xf7, + 0xfc, 0xc3, 0x80, 0xab, 0x94, 0xc7, 0x8c, 0x38, 0x9c, 0xf2, 0xb1, 0xf9, 0x5a, 0xbc, 0x42, 0xf0, + 0xf6, 0x1c, 0xd4, 0x1c, 0x46, 0xbc, 0x98, 0xb9, 0x55, 0x9d, 0xb9, 0x14, 0x91, 0x25, 0x17, 0x99, + 0x7f, 0xae, 0xc3, 0x15, 0xae, 0xb1, 0x07, 0x22, 0xda, 0x6c, 0x51, 0x7a, 0x8b, 0x30, 0xec, 0xb8, + 0xd1, 0xbb, 0x23, 0x12, 0x1e, 0x3f, 0x66, 0xc3, 0xe8, 0xc3, 0xac, 0x74, 0x37, 0x15, 0x91, 0x1f, + 0x79, 0xb7, 0x40, 0xa1, 0x4f, 0x5b, 0x04, 0x95, 0xc7, 0xd3, 0x22, 0x28, 0x2a, 0xd9, 0xab, 0xe7, + 0x54, 0xb2, 0x4f, 0xee, 0xda, 0x68, 0xbd, 0xa0, 0xd9, 0x6c, 0x2f, 0xa8, 0xa0, 0x12, 0x9e, 0x3b, + 0x6d, 0x25, 0x5c, 0x2f, 0xac, 0x84, 0xbd, 0x42, 0x3f, 0x6e, 0x08, 0x71, 0x7f, 0x47, 0xb7, 0xc0, + 0x89, 0xb6, 0x76, 0x96, 0x9a, 0x18, 0x1e, 0x6b, 0x4d, 0xfc, 0x5e, 0xa6, 0xc6, 0x95, 0x5d, 0xa6, + 0x97, 0x4e, 0x77, 0xa6, 0x29, 0xd5, 0xee, 0xff, 0x5d, 0x3d, 0xf8, 0x0b, 0x51, 0x06, 0xd0, 0x20, + 0x95, 0x41, 0x92, 0x2d, 0xf1, 0x7b, 0x88, 0x67, 0x28, 0x2a, 0x68, 0xf1, 0x31, 0x7a, 0x16, 0xaa, + 0x5c, 0xc8, 0xaa, 0x4e, 0xbb, 0xac, 0xcb, 0x93, 0x6b, 0x62, 0x8b, 0xd2, 0x07, 0x94, 0xd8, 0x96, + 0x58, 0x84, 0x5e, 0x83, 0x46, 0x62, 0xf8, 0xca, 0xb3, 0x9e, 0xd0, 0x77, 0x24, 0x7e, 0x12, 0x6f, + 0x4b, 0x97, 0xf3, 0xbd, 0x3d, 0x27, 0x24, 0xb6, 0xa8, 0x62, 0x6a, 0xe3, 0x7b, 0x6f, 0xc5, 0x1f, + 0x93, 0xbd, 0xc9, 0x72, 0xb4, 0x01, 0xb3, 0xb2, 0x2d, 0x27, 0x3c, 0xa8, 0xb9, 0x79, 0x65, 0x3c, + 0x98, 0xc6, 0xbb, 0xd4, 0x42, 0xf3, 0x4f, 0x25, 0x78, 0x32, 0x35, 0x88, 0xd8, 0x9b, 0xe2, 0x42, + 0xf2, 0xeb, 0xbf, 0x71, 0xaf, 0xc3, 0xa2, 0xa8, 0x5c, 0xd3, 0xee, 0x9c, 0x6c, 0x14, 0xe7, 0xa0, + 0xe6, 0xef, 0x4b, 0xf0, 0xf4, 0xf8, 0x39, 0xb6, 0x07, 0x38, 0x64, 0x89, 0x7a, 0xcf, 0xe3, 0x2c, + 0xf1, 0x85, 0x57, 0x4e, 0x2f, 0xbc, 0xcc, 0xf9, 0x2a, 0xd9, 0xf3, 0x99, 0x7f, 0x2c, 0x43, 0x53, + 0x33, 0xa0, 0xa2, 0x0b, 0x93, 0xe7, 0xcd, 0xc2, 0x6e, 0x45, 0xaf, 0x42, 0x5c, 0x0a, 0x0d, 0x4b, + 0x83, 0xa0, 0x21, 0x00, 0xc5, 0x21, 0xf6, 0x08, 0x23, 0x21, 0x8f, 0xe4, 0xdc, 0xe3, 0xef, 0x9e, + 0x3d, 0xba, 0x1c, 0xc4, 0x38, 0x2d, 0x0d, 0x3d, 0x4f, 0xfc, 0x05, 0xe9, 0x48, 0xc5, 0x6f, 0x35, + 0x43, 0x9f, 0xc2, 0xe2, 0xa1, 0xe3, 0x92, 0x83, 0x94, 0x91, 0x59, 0xc1, 0xc8, 0xfd, 0xb3, 0x33, + 0x72, 0x47, 0xc7, 0x6b, 0xe5, 0xc8, 0x98, 0x37, 0x61, 0x39, 0xef, 0x4f, 0x9c, 0x49, 0xc7, 0xc3, + 0xfd, 0x44, 0x5a, 0x6a, 0x66, 0x22, 0x58, 0xce, 0xfb, 0x8f, 0xf9, 0x8f, 0x32, 0x5c, 0x4a, 0xd0, + 0x6d, 0xf9, 0x7e, 0x30, 0xf2, 0x6d, 0x51, 0xc0, 0x15, 0xea, 0xe2, 0x22, 0xd4, 0x98, 0xc3, 0xdc, + 0x24, 0xf1, 0x11, 0x13, 0x7e, 0x77, 0xb1, 0x20, 0x70, 0x99, 0x43, 0x95, 0x82, 0xe3, 0xa9, 0xd4, + 0xbd, 0xa8, 0x09, 0x7b, 0x22, 0x12, 0xd4, 0xad, 0x64, 0xce, 0xbf, 0xf1, 0xac, 0x46, 0x54, 0x43, + 0x52, 0x98, 0xc9, 0x5c, 0xd8, 0x7d, 0xe0, 0xba, 0xc4, 0xe6, 0xe2, 0xd0, 0xea, 0xa5, 0x1c, 0x54, + 0xd4, 0x61, 0x2c, 0x74, 0xfc, 0xbe, 0xaa, 0x96, 0xd4, 0x8c, 0xf3, 0x89, 0xc3, 0x10, 0x1f, 0x1b, + 0x75, 0x21, 0x00, 0x39, 0x41, 0x6f, 0x40, 0xc5, 0xc3, 0x54, 0x5d, 0x74, 0x37, 0x33, 0xd1, 0xa1, + 0x48, 0x02, 0xed, 0x7d, 0x4c, 0xe5, 0x4d, 0xc0, 0xb7, 0xb5, 0x5e, 0xe6, 0xd5, 0x3a, 0xfd, 0xea, + 0x29, 0xe1, 0xc7, 0xb0, 0x90, 0x09, 0x3e, 0xe8, 0x03, 0x58, 0x4d, 0x2d, 0x4a, 0x27, 0xa8, 0x92, + 0xc0, 0x27, 0x4f, 0xe4, 0xcc, 0x9a, 0x80, 0xc0, 0xfc, 0x04, 0x56, 0xb8, 0xc9, 0x08, 0xc7, 0x3f, + 0xa7, 0xd2, 0xe6, 0x75, 0x68, 0x24, 0x24, 0x0b, 0x6d, 0xa6, 0x05, 0xf5, 0xa3, 0xb8, 0x24, 0x94, + 0xb5, 0x4d, 0x32, 0x37, 0xb7, 0x00, 0xe9, 0xfc, 0xaa, 0x1b, 0xe8, 0xd9, 0x6c, 0x52, 0x7c, 0x29, + 0x7f, 0xdd, 0x88, 0xe5, 0x71, 0x4e, 0xfc, 0xf7, 0x32, 0x2c, 0xed, 0x38, 0xa2, 0x71, 0x77, 0x4e, + 0x41, 0xee, 0x26, 0x2c, 0x47, 0xa3, 0xae, 0x17, 0xf4, 0x46, 0x2e, 0x51, 0x49, 0x81, 0xba, 0xe9, + 0xc7, 0xe0, 0xd3, 0x82, 0x5f, 0xd2, 0xa4, 0xa9, 0x6a, 0x4d, 0x9a, 0x37, 0xe0, 0xca, 0x3d, 0xf2, + 0xa9, 0x3a, 0xcf, 0x8e, 0x1b, 0x74, 0xbb, 0x8e, 0xdf, 0x8f, 0x89, 0xd4, 0x04, 0x91, 0xc9, 0x0b, + 0x8a, 0x52, 0xc5, 0xd9, 0xe2, 0x54, 0x31, 0x69, 0x36, 0x6c, 0x8b, 0x32, 0x5e, 0x65, 0x94, 0x19, + 0x98, 0xf9, 0xf3, 0x12, 0x2c, 0xa7, 0x92, 0x55, 0xba, 0x79, 0x45, 0xfa, 0x90, 0xd4, 0xcc, 0xd3, + 0xba, 0x66, 0xf2, 0x4b, 0xff, 0x73, 0xf7, 0x99, 0xd7, 0xdd, 0xe7, 0x57, 0x65, 0xb8, 0xb4, 0xe3, + 0xb0, 0x38, 0x70, 0x39, 0xff, 0x6b, 0x5a, 0x2e, 0xd0, 0x49, 0xf5, 0x74, 0x3a, 0xa9, 0x15, 0xe8, + 0xa4, 0x0d, 0xab, 0x79, 0x61, 0x28, 0xc5, 0x5c, 0x84, 0x1a, 0xb7, 0xa0, 0xb8, 0xaf, 0x20, 0x27, + 0xe6, 0xcf, 0xe6, 0xe0, 0xda, 0x7b, 0xb4, 0x87, 0x59, 0xd2, 0xc8, 0xbc, 0x13, 0x84, 0x07, 0xfc, + 0xd3, 0xf9, 0x48, 0x31, 0xf7, 0x90, 0x5d, 0x9e, 0xfa, 0x90, 0x5d, 0x99, 0xf2, 0x90, 0x5d, 0x3d, + 0xd5, 0x43, 0x76, 0xed, 0xdc, 0x1e, 0xb2, 0xc7, 0x6b, 0xad, 0xd9, 0xc2, 0x5a, 0xeb, 0x83, 0x4c, + 0x3d, 0x32, 0x27, 0xdc, 0xe6, 0xdb, 0xba, 0xdb, 0x4c, 0xd5, 0xce, 0xd4, 0x17, 0xb8, 0xdc, 0xfb, + 0x6f, 0xfd, 0xc4, 0xf7, 0xdf, 0xc6, 0xf8, 0xfb, 0x6f, 0xf1, 0x13, 0x22, 0x4c, 0x7c, 0x42, 0xbc, + 0x0e, 0x8b, 0xd1, 0xb1, 0x6f, 0x93, 0x5e, 0xd2, 0xde, 0x6e, 0xca, 0x63, 0x67, 0xa1, 0x19, 0x8f, + 0x98, 0xcf, 0x79, 0x44, 0x62, 0xa9, 0x0b, 0x9a, 0xa5, 0x16, 0xf9, 0xc9, 0xe2, 0xc4, 0x32, 0x37, + 0xf7, 0x86, 0xb7, 0x54, 0xf8, 0x86, 0xf7, 0x5f, 0x53, 0x6c, 0xbd, 0x0f, 0x6b, 0x93, 0xb4, 0xac, + 0x9c, 0xd7, 0x80, 0x39, 0x7b, 0x80, 0xfd, 0xbe, 0x68, 0x0b, 0x8a, 0xea, 0x5f, 0x4d, 0xa7, 0x55, + 0x07, 0xe6, 0x6f, 0xca, 0x70, 0x69, 0x5b, 0xac, 0xcb, 0x3f, 0xe5, 0x68, 0x4e, 0x55, 0x9a, 0xe2, + 0x54, 0x63, 0x7d, 0xed, 0x1b, 0xb0, 0x64, 0x8f, 0xc2, 0x90, 0xa7, 0x18, 0xd9, 0x78, 0x96, 0x07, + 0xf3, 0xf0, 0x48, 0x39, 0x23, 0xfa, 0x4b, 0x87, 0xf4, 0xd1, 0x31, 0x78, 0xaa, 0xf0, 0x9a, 0xae, + 0xf0, 0x38, 0xf0, 0xcc, 0x3e, 0x96, 0xb4, 0xe4, 0x45, 0x58, 0xcd, 0x8b, 0xe6, 0xe4, 0x07, 0x9c, + 0xcd, 0xdf, 0x35, 0x61, 0x25, 0xad, 0xa3, 0xf8, 0x5f, 0xc7, 0x26, 0xe8, 0x3e, 0x2c, 0xef, 0xa8, + 0x5f, 0x19, 0x25, 0x2f, 0x2c, 0xd3, 0x9e, 0x48, 0x5b, 0x4f, 0x14, 0x7f, 0x94, 0x0c, 0x98, 0x33, + 0xc8, 0x86, 0x2b, 0x79, 0x84, 0xe9, 0x6b, 0xec, 0x53, 0x53, 0x30, 0x27, 0xab, 0x4e, 0x22, 0x71, + 0xa3, 0x84, 0x3e, 0x80, 0xc5, 0xec, 0x9b, 0x21, 0xca, 0x24, 0x96, 0x85, 0xcf, 0x98, 0x2d, 0x73, + 0xda, 0x92, 0x84, 0xff, 0x8f, 0xb8, 0x63, 0x65, 0x9e, 0xc7, 0x90, 0x99, 0xed, 0xb1, 0x14, 0x3d, + 0x30, 0xb6, 0xbe, 0x39, 0x75, 0x4d, 0x82, 0xfd, 0x75, 0xa8, 0xc7, 0xdd, 0xf9, 0xac, 0x98, 0x73, + 0x3d, 0xfb, 0xd6, 0x72, 0x16, 0xdf, 0x61, 0x64, 0xce, 0xa0, 0x37, 0xe5, 0xe6, 0x2d, 0x4a, 0x0b, + 0x36, 0x6b, 0x3d, 0xe9, 0xd6, 0x85, 0x82, 0x3e, 0xb0, 0x39, 0x83, 0xbe, 0x0b, 0x4d, 0x3e, 0x3a, + 0x50, 0xbf, 0xef, 0x59, 0x6d, 0xcb, 0x9f, 0x93, 0xb5, 0xe3, 0x9f, 0x93, 0xb5, 0x6f, 0x7b, 0x94, + 0x1d, 0xb7, 0x0a, 0x1a, 0xb5, 0x0a, 0xc1, 0x47, 0xb0, 0xb0, 0x43, 0x58, 0xda, 0x57, 0x41, 0x4f, + 0x9f, 0xaa, 0xfb, 0xd4, 0x32, 0xf3, 0xcb, 0xc6, 0x5b, 0x33, 0xe6, 0x0c, 0xfa, 0x75, 0x09, 0x2e, + 0xec, 0x10, 0x96, 0xef, 0x54, 0xa0, 0xe7, 0x8b, 0x89, 0x4c, 0xe8, 0x68, 0xb4, 0xee, 0x9d, 0xd5, + 0xdb, 0xb2, 0x68, 0xcd, 0x19, 0xf4, 0xdb, 0x12, 0x5c, 0xd6, 0x18, 0xd3, 0x5b, 0x0f, 0x68, 0x63, + 0x3a, 0x73, 0x05, 0x6d, 0x8a, 0xd6, 0xdb, 0x67, 0xfc, 0xd9, 0x96, 0x86, 0xd2, 0x9c, 0x41, 0x07, + 0x42, 0x27, 0x69, 0xa5, 0x81, 0xae, 0x15, 0x96, 0x14, 0x09, 0xf5, 0xb5, 0x49, 0x9f, 0x13, 0x3d, + 0xbc, 0x0d, 0xcd, 0x1d, 0xc2, 0xe2, 0x94, 0x37, 0x6b, 0x69, 0xb9, 0x6a, 0x24, 0xeb, 0xaa, 0xf9, + 0x2c, 0x59, 0x58, 0xcc, 0x8a, 0xc4, 0xa5, 0xa5, 0x75, 0x59, 0x5f, 0x2d, 0xcc, 0x7f, 0xb3, 0x16, + 0x53, 0x9c, 0x15, 0x9a, 0x33, 0xe8, 0x13, 0x58, 0x2d, 0xbe, 0x7c, 0xd0, 0x33, 0xa7, 0x4e, 0x43, + 0x5a, 0x37, 0x4f, 0xb3, 0x34, 0x77, 0xa0, 0x6c, 0xf8, 0xcd, 0x1e, 0xa8, 0xf0, 0xd6, 0xca, 0x1e, + 0xa8, 0x38, 0x7a, 0x9b, 0x33, 0x6f, 0x6d, 0xfd, 0xe5, 0xcb, 0xb5, 0xd2, 0x5f, 0xbf, 0x5c, 0x2b, + 0xfd, 0xf3, 0xcb, 0xb5, 0xd2, 0x87, 0x2f, 0x9c, 0xf0, 0xe3, 0x51, 0xed, 0x97, 0xae, 0x98, 0x3a, + 0xb6, 0xeb, 0x10, 0x9f, 0x75, 0x67, 0x85, 0x37, 0xbf, 0xf0, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, + 0xd7, 0xe8, 0x89, 0x81, 0x08, 0x2b, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -3671,6 +3701,15 @@ func (m *ManifestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.InstallationID) > 0 { + i -= len(m.InstallationID) + copy(dAtA[i:], m.InstallationID) + i = encodeVarintRepository(dAtA, i, uint64(len(m.InstallationID))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xda + } if len(m.ProjectName) > 0 { i -= len(m.ProjectName) copy(dAtA[i:], m.ProjectName) @@ -4476,6 +4515,15 @@ func (m *ManifestResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.Commands) > 0 { + for iNdEx := len(m.Commands) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Commands[iNdEx]) + copy(dAtA[i:], m.Commands[iNdEx]) + i = encodeVarintRepository(dAtA, i, uint64(len(m.Commands[iNdEx]))) + i-- + dAtA[i] = 0x6a + } + } if len(m.SourcesManifestsStartingIdx) > 0 { dAtA15 := make([]byte, len(m.SourcesManifestsStartingIdx)*10) var j14 int @@ -5909,6 +5957,13 @@ func (m *UpdateRevisionForPathsRequest) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.InstallationID) > 0 { + i -= len(m.InstallationID) + copy(dAtA[i:], m.InstallationID) + i = encodeVarintRepository(dAtA, i, uint64(len(m.InstallationID))) + i-- + dAtA[i] = 0x7a + } if m.NoRevisionCache { i-- if m.NoRevisionCache { @@ -6331,6 +6386,10 @@ func (m *ManifestRequest) Size() (n int) { if l > 0 { n += 2 + l + sovRepository(uint64(l)) } + l = len(m.InstallationID) + if l > 0 { + n += 2 + l + sovRepository(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6627,6 +6686,12 @@ func (m *ManifestResponse) Size() (n int) { } n += 1 + sovRepository(uint64(l)) + l } + if len(m.Commands) > 0 { + for _, s := range m.Commands { + l = len(s) + n += 1 + l + sovRepository(uint64(l)) + } + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -7278,6 +7343,10 @@ func (m *UpdateRevisionForPathsRequest) Size() (n int) { if m.NoRevisionCache { n += 2 } + l = len(m.InstallationID) + if l > 0 { + n += 1 + l + sovRepository(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -8286,6 +8355,38 @@ func (m *ManifestRequest) Unmarshal(dAtA []byte) error { } m.ProjectName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 27: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field InstallationID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.InstallationID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) @@ -9965,6 +10066,38 @@ func (m *ManifestResponse) Unmarshal(dAtA []byte) error { } else { return fmt.Errorf("proto: wrong wireType = %d for field SourcesManifestsStartingIdx", wireType) } + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Commands", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Commands = append(m.Commands, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) @@ -14236,6 +14369,38 @@ func (m *UpdateRevisionForPathsRequest) Unmarshal(dAtA []byte) error { } } m.NoRevisionCache = bool(v != 0) + case 15: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field InstallationID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRepository + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRepository + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.InstallationID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/askpass/common.go b/reposerver/askpass/common.go index 8af7e79245fa3..c9757f5878956 100644 --- a/reposerver/askpass/common.go +++ b/reposerver/askpass/common.go @@ -6,8 +6,15 @@ import ( var SocketPath = "/tmp/reposerver-ask-pass.sock" +const ( + // ASKPASS_NONCE_ENV is the environment variable that is used to pass the nonce to the askpass script + ASKPASS_NONCE_ENV = "ARGOCD_GIT_ASKPASS_NONCE" + // AKSPASS_SOCKET_PATH_ENV is the environment variable that is used to pass the socket path to the askpass script + AKSPASS_SOCKET_PATH_ENV = "ARGOCD_ASK_PASS_SOCK" +) + func init() { - SocketPath = env.StringFromEnv("ARGOCD_ASK_PASS_SOCK", SocketPath) + SocketPath = env.StringFromEnv(AKSPASS_SOCKET_PATH_ENV, SocketPath) } type Creds struct { diff --git a/reposerver/askpass/server.go b/reposerver/askpass/server.go index c34e3c332890d..2eb9f89869776 100644 --- a/reposerver/askpass/server.go +++ b/reposerver/askpass/server.go @@ -2,6 +2,7 @@ package askpass import ( "context" + "fmt" "net" "os" "sync" @@ -22,14 +23,16 @@ type Server interface { } type server struct { - lock sync.Mutex - creds map[string]Creds + lock sync.Mutex + creds map[string]Creds + socketPath string } // NewServer returns a new server -func NewServer() *server { +func NewServer(socketPath string) *server { return &server{ - creds: make(map[string]Creds), + creds: make(map[string]Creds), + socketPath: socketPath, } } @@ -58,8 +61,8 @@ func (s *server) Start(path string) (io.Closer, error) { return io.NewCloser(listener.Close), nil } -func (s *server) Run(path string) error { - _, err := s.Start(path) +func (s *server) Run() error { + _, err := s.Start(s.socketPath) return err } @@ -88,3 +91,14 @@ func (s *server) getCreds(id string) (*Creds, bool) { creds, ok := s.creds[id] return &creds, ok } + +// Environ returns the environment variables that should be set when invoking git. +func (s *server) Environ(id string) []string { + return []string{ + "GIT_ASKPASS=argocd", + fmt.Sprintf("%s=%s", ASKPASS_NONCE_ENV, id), + "GIT_TERMINAL_PROMPT=0", + "ARGOCD_BINARY_NAME=argocd-git-ask-pass", + fmt.Sprintf("%s=%s", AKSPASS_SOCKET_PATH_ENV, s.socketPath), + } +} diff --git a/reposerver/askpass/server_test.go b/reposerver/askpass/server_test.go index 311592d7f0aa7..980575a669670 100644 --- a/reposerver/askpass/server_test.go +++ b/reposerver/askpass/server_test.go @@ -7,7 +7,7 @@ import ( ) func TestAdd(t *testing.T) { - s := NewServer() + s := NewServer(SocketPath) nonce := s.Add("foo", "bar") assert.Equal(t, "foo", s.creds[nonce].Username) @@ -15,7 +15,7 @@ func TestAdd(t *testing.T) { } func TestRemove(t *testing.T) { - s := NewServer() + s := NewServer(SocketPath) s.creds["some-id"] = Creds{Username: "foo"} s.Remove("some-id") diff --git a/reposerver/cache/cache.go b/reposerver/cache/cache.go index 0e23eca384c74..79ecd4cf1471d 100644 --- a/reposerver/cache/cache.go +++ b/reposerver/cache/cache.go @@ -294,13 +294,17 @@ func (c *Cache) UnlockGitReferences(repo string, lockId string) error { // refSourceCommitSHAs is a list of resolved revisions for each ref source. This allows us to invalidate the cache // when someone pushes a commit to a source which is referenced from the main source (the one referred to by `revision`). -func manifestCacheKey(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, namespace string, trackingMethod string, appLabelKey string, appName string, info ClusterRuntimeInfo, refSourceCommitSHAs ResolvedRevisions) string { +func manifestCacheKey(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, namespace string, trackingMethod string, appLabelKey string, appName string, info ClusterRuntimeInfo, refSourceCommitSHAs ResolvedRevisions, installationID string) string { // TODO: this function is getting unwieldy. We should probably consolidate some of this stuff into a struct. For // example, revision could be part of ResolvedRevisions. And srcRefs is probably redundant now that // refSourceCommitSHAs has been added. We don't need to know the _target_ revisions of the referenced sources // when the _resolved_ revisions are already part of the key. trackingKey := trackingKey(appLabelKey, trackingMethod) - return fmt.Sprintf("mfst|%s|%s|%s|%s|%d", trackingKey, appName, revision, namespace, appSourceKey(appSrc, srcRefs, refSourceCommitSHAs)+clusterRuntimeInfoKey(info)) + key := fmt.Sprintf("mfst|%s|%s|%s|%s|%d", trackingKey, appName, revision, namespace, appSourceKey(appSrc, srcRefs, refSourceCommitSHAs)+clusterRuntimeInfoKey(info)) + if installationID != "" { + key = fmt.Sprintf("%s|%s", key, installationID) + } + return key } func trackingKey(appLabelKey string, trackingMethod string) string { @@ -327,14 +331,14 @@ func LogDebugManifestCacheKeyFields(message string, reason string, revision stri } } -func (c *Cache) SetNewRevisionManifests(newRevision string, revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, refSourceCommitSHAs ResolvedRevisions) error { - oldKey := manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs) - newKey := manifestCacheKey(newRevision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs) +func (c *Cache) SetNewRevisionManifests(newRevision string, revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, refSourceCommitSHAs ResolvedRevisions, installationID string) error { + oldKey := manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs, installationID) + newKey := manifestCacheKey(newRevision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs, installationID) return c.cache.RenameItem(oldKey, newKey, c.repoCacheExpiration) } -func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, res *CachedManifestResponse, refSourceCommitSHAs ResolvedRevisions) error { - err := c.cache.GetItem(manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs), res) +func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, res *CachedManifestResponse, refSourceCommitSHAs ResolvedRevisions, installationID string) error { + err := c.cache.GetItem(manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs, installationID), res) if err != nil { return err } @@ -350,7 +354,7 @@ func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, s LogDebugManifestCacheKeyFields("deleting manifests cache", "manifest hash did not match or cached response is empty", revision, appSrc, srcRefs, clusterInfo, namespace, trackingMethod, appLabelKey, appName, refSourceCommitSHAs) - err = c.DeleteManifests(revision, appSrc, srcRefs, clusterInfo, namespace, trackingMethod, appLabelKey, appName, refSourceCommitSHAs) + err = c.DeleteManifests(revision, appSrc, srcRefs, clusterInfo, namespace, trackingMethod, appLabelKey, appName, refSourceCommitSHAs, installationID) if err != nil { return fmt.Errorf("Unable to delete manifest after hash mismatch, %w", err) } @@ -370,7 +374,7 @@ func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, s return nil } -func (c *Cache) SetManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, res *CachedManifestResponse, refSourceCommitSHAs ResolvedRevisions) error { +func (c *Cache) SetManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, res *CachedManifestResponse, refSourceCommitSHAs ResolvedRevisions, installationID string) error { // Generate and apply the cache entry hash, before writing if res != nil { res = res.shallowCopy() @@ -382,7 +386,7 @@ func (c *Cache) SetManifests(revision string, appSrc *appv1.ApplicationSource, s } return c.cache.SetItem( - manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs), + manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs, installationID), res, &cacheutil.CacheActionOpts{ Expiration: c.repoCacheExpiration, @@ -390,9 +394,9 @@ func (c *Cache) SetManifests(revision string, appSrc *appv1.ApplicationSource, s }) } -func (c *Cache) DeleteManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace, trackingMethod, appLabelKey, appName string, refSourceCommitSHAs ResolvedRevisions) error { +func (c *Cache) DeleteManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace, trackingMethod, appLabelKey, appName string, refSourceCommitSHAs ResolvedRevisions, installationID string) error { return c.cache.SetItem( - manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs), + manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs, installationID), "", &cacheutil.CacheActionOpts{Delete: true}) } diff --git a/reposerver/cache/cache_test.go b/reposerver/cache/cache_test.go index c6fd54cf46612..102d61ed11f8a 100644 --- a/reposerver/cache/cache_test.go +++ b/reposerver/cache/cache_test.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "strings" "testing" "time" @@ -95,43 +94,43 @@ func TestCache_GetManifests(t *testing.T) { // cache miss q := &apiclient.ManifestRequest{} value := &CachedManifestResponse{} - err := cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) + err := cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") assert.Equal(t, ErrCacheMiss, err) // populate cache res := &CachedManifestResponse{ManifestResponse: &apiclient.ManifestResponse{SourceType: "my-source-type"}} - err = cache.SetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", res, nil) + err = cache.SetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", res, nil, "") require.NoError(t, err) t.Run("expect cache miss because of changed revision", func(t *testing.T) { - err = cache.GetManifests("other-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) + err = cache.GetManifests("other-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") assert.Equal(t, ErrCacheMiss, err) }) t.Run("expect cache miss because of changed path", func(t *testing.T) { - err = cache.GetManifests("my-revision", &ApplicationSource{Path: "other-path"}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) + err = cache.GetManifests("my-revision", &ApplicationSource{Path: "other-path"}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") assert.Equal(t, ErrCacheMiss, err) }) t.Run("expect cache miss because of changed namespace", func(t *testing.T) { - err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "other-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) + err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "other-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") assert.Equal(t, ErrCacheMiss, err) }) t.Run("expect cache miss because of changed app label key", func(t *testing.T) { - err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "other-app-label-key", "my-app-label-value", value, nil) + err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "other-app-label-key", "my-app-label-value", value, nil, "") assert.Equal(t, ErrCacheMiss, err) }) t.Run("expect cache miss because of changed app label value", func(t *testing.T) { - err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "other-app-label-value", value, nil) + err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "other-app-label-value", value, nil, "") assert.Equal(t, ErrCacheMiss, err) }) t.Run("expect cache miss because of changed referenced source", func(t *testing.T) { - err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "other-app-label-value", value, map[string]string{"my-referenced-source": "my-referenced-revision"}) + err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "other-app-label-value", value, map[string]string{"my-referenced-source": "my-referenced-revision"}, "") assert.Equal(t, ErrCacheMiss, err) }) t.Run("expect cache hit", func(t *testing.T) { err = cache.SetManifests( "my-revision1", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", - &CachedManifestResponse{ManifestResponse: &apiclient.ManifestResponse{SourceType: "my-source-type", Revision: "my-revision2"}}, nil) + &CachedManifestResponse{ManifestResponse: &apiclient.ManifestResponse{SourceType: "my-source-type", Revision: "my-revision2"}}, nil, "") require.NoError(t, err) - err = cache.GetManifests("my-revision1", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) + err = cache.GetManifests("my-revision1", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") require.NoError(t, err) assert.Equal(t, "my-source-type", value.ManifestResponse.SourceType) @@ -205,7 +204,7 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { NumberOfConsecutiveFailures: 0, } q := &apiclient.ManifestRequest{} - err := repoCache.SetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, store, nil) + err := repoCache.SetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, store, nil, "") if err != nil { t.Fatal(err) } @@ -235,7 +234,7 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { // Retrieve the value using 'GetManifests' and confirm it works retrievedVal := &CachedManifestResponse{} - err = repoCache.GetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, retrievedVal, nil) + err = repoCache.GetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, retrievedVal, nil, "") if err != nil { t.Fatal(err) } @@ -257,7 +256,7 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { // Retrieve the value using GetManifests and confirm it returns a cache miss retrievedVal = &CachedManifestResponse{} - err = repoCache.GetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, retrievedVal, nil) + err = repoCache.GetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, retrievedVal, nil, "") assert.Equal(t, err, cacheutil.ErrCacheMiss) @@ -348,7 +347,7 @@ func TestCachedManifestResponse_ShallowCopyExpectedFields(t *testing.T) { // go do that first :) for _, expectedField := range expectedFields { - assert.Truef(t, strings.Contains(string(str), "\""+expectedField+"\""), "Missing field: %s", expectedField) + assert.Containsf(t, string(str), "\""+expectedField+"\"", "Missing field: %s", expectedField) } } @@ -624,7 +623,7 @@ func TestRevisionChartDetails(t *testing.T) { fixtures := newFixtures() t.Cleanup(fixtures.mockCache.StopRedisCallback) details, err := fixtures.cache.GetRevisionChartDetails("test-repo", "test-revision", "v1.0.0") - require.ErrorAs(t, err, &ErrCacheMiss) + require.ErrorIs(t, err, ErrCacheMiss) assert.Equal(t, &appv1.ChartDetails{}, details) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) }) @@ -690,7 +689,7 @@ func TestGetGitDirectories(t *testing.T) { fixtures := newFixtures() t.Cleanup(fixtures.mockCache.StopRedisCallback) directories, err := fixtures.cache.GetGitDirectories("test-repo", "test-revision") - require.ErrorAs(t, err, &ErrCacheMiss) + require.ErrorIs(t, err, ErrCacheMiss) assert.Empty(t, directories) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) }) @@ -744,7 +743,7 @@ func TestGetGitFiles(t *testing.T) { fixtures := newFixtures() t.Cleanup(fixtures.mockCache.StopRedisCallback) directories, err := fixtures.cache.GetGitFiles("test-repo", "test-revision", "*.json") - require.ErrorAs(t, err, &ErrCacheMiss) + require.ErrorIs(t, err, ErrCacheMiss) assert.Empty(t, directories) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) }) diff --git a/reposerver/repository/cf_repository.go b/reposerver/repository/cf_repository.go new file mode 100644 index 0000000000000..aad777b38ec28 --- /dev/null +++ b/reposerver/repository/cf_repository.go @@ -0,0 +1,88 @@ +package repository + +import ( + goio "io" + "os" + "path/filepath" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + argopath "github.com/argoproj/argo-cd/v2/util/app/path" + "github.com/argoproj/argo-cd/v2/util/git" + "github.com/argoproj/argo-cd/v2/util/io" + "github.com/argoproj/argo-cd/v2/util/kustomize" + + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +func (s *Service) getCacheKeyWithKustomizeComponents( + revision string, + repo *v1alpha1.Repository, + source *v1alpha1.ApplicationSource, + settings operationSettings, + gitClient git.Client, +) (string, error) { + closer, err := s.repoLock.Lock(gitClient.Root(), revision, settings.allowConcurrent, func() (goio.Closer, error) { + return s.checkoutRevision(gitClient, revision, s.initConstants.SubmoduleEnabled) + }) + if err != nil { + return "", err + } + + defer io.Close(closer) + + appPath, err := argopath.Path(gitClient.Root(), source.Path) + if err != nil { + return "", err + } + + k := kustomize.NewKustomizeApp(gitClient.Root(), appPath, repo.GetGitCreds(s.gitCredsStore), repo.Repo, source.Kustomize.Version, "", "") + + resolveRevisionFunc := func(repoURL, revision string, creds git.Creds) (string, error) { + cloneRepo := *repo + cloneRepo.Repo = repoURL + _, res, err := s.newClientResolveRevision(&cloneRepo, revision) + return res, err + } + + return k.GetCacheKeyWithComponents(revision, source.Kustomize, resolveRevisionFunc) +} + +func kustomizeBuild( + k kustomize.Kustomize, + repoRoot string, + appPath string, + opts *v1alpha1.ApplicationSourceKustomize, + kustomizeOptions *v1alpha1.KustomizeOptions, + env *v1alpha1.Env, + buildOpts *kustomize.BuildOpts, + namespace string, +) ([]manifest, []kustomize.Image, []string, error) { + var targetObjs []*unstructured.Unstructured + + rawBytes, err := os.ReadFile(filepath.Join(appPath, "kustomization.yaml")) + if err != nil { + return nil, nil, nil, err + } + relPath, _ := filepath.Rel(repoRoot, appPath) + targetObjs, images, commands, err := k.Build(opts, kustomizeOptions, env, buildOpts, namespace) + if err != nil { + return nil, nil, nil, err + } + + jsonObjs, err := expandUnstructuredObjs(targetObjs) + if err != nil { + return nil, nil, nil, err + } + + manifests := make([]manifest, len(jsonObjs)) + for i, obj := range jsonObjs { + manifests[i] = manifest{ + rawManifest: rawBytes, + obj: obj, + path: relPath, + line: 0, + } + } + + return manifests, images, commands, nil +} diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 530a20f014d92..4ed48b24c949a 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -93,8 +93,8 @@ type Service struct { parallelismLimitSemaphore *semaphore.Weighted metricsServer *metrics.MetricsServer resourceTracking argo.ResourceTracking - newGitClient func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, opts ...git.ClientOpts) (git.Client, error) - newHelmClient func(repoURL string, creds helm.Creds, enableOci bool, proxy string, opts ...helm.ClientOpts) helm.Client + newGitClient func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, noProxy string, opts ...git.ClientOpts) (git.Client, error) + newHelmClient func(repoURL string, creds helm.Creds, enableOci bool, proxy string, noProxy string, opts ...helm.ClientOpts) helm.Client initConstants RepoServerInitConstants codefreshClient codefresh.CodefreshClientInterface versionConfigManager *version_config_manager.VersionConfigManager @@ -143,8 +143,8 @@ func NewService(metricsServer *metrics.MetricsServer, cache *cache.Cache, initCo metricsServer: metricsServer, newGitClient: git.NewClientExt, resourceTracking: resourceTracking, - newHelmClient: func(repoURL string, creds helm.Creds, enableOci bool, proxy string, opts ...helm.ClientOpts) helm.Client { - return helm.NewClientWithLock(repoURL, creds, sync.NewKeyLock(), enableOci, proxy, opts...) + newHelmClient: func(repoURL string, creds helm.Creds, enableOci bool, proxy string, noProxy string, opts ...helm.ClientOpts) helm.Client { + return helm.NewClientWithLock(repoURL, creds, sync.NewKeyLock(), enableOci, proxy, noProxy, opts...) }, initConstants: initConstants, now: time.Now, @@ -363,7 +363,7 @@ func (s *Service) runRepoOperation( } if !settings.noCache { - if ok, err := cacheFn(revision, repoRefs, true); ok { + if ok, err := cacheFn(cacheKey, repoRefs, true); ok { return err } } @@ -489,39 +489,6 @@ func (s *Service) runRepoOperation( } } -func (s *Service) getCacheKeyWithKustomizeComponents( - revision string, - repo *v1alpha1.Repository, - source *v1alpha1.ApplicationSource, - settings operationSettings, - gitClient git.Client, -) (string, error) { - closer, err := s.repoLock.Lock(gitClient.Root(), revision, settings.allowConcurrent, func() (goio.Closer, error) { - return s.checkoutRevision(gitClient, revision, s.initConstants.SubmoduleEnabled) - }) - if err != nil { - return "", err - } - - defer io.Close(closer) - - appPath, err := argopath.Path(gitClient.Root(), source.Path) - if err != nil { - return "", err - } - - k := kustomize.NewKustomizeApp(gitClient.Root(), appPath, repo.GetGitCreds(s.gitCredsStore), repo.Repo, source.Kustomize.Version) - - resolveRevisionFunc := func(repoURL, revision string, creds git.Creds) (string, error) { - cloneRepo := *repo - cloneRepo.Repo = repoURL - _, res, err := s.newClientResolveRevision(&cloneRepo, revision) - return res, err - } - - return k.GetCacheKeyWithComponents(revision, source.Kustomize, resolveRevisionFunc) -} - func getRepoSanitizerRegex(rootDir string) *regexp.Regexp { // This regex assumes that the sensitive part of the path (the component immediately after "rootDir") contains no // spaces. This assumption allows us to avoid sanitizing "more info" in "/tmp/_argocd-repo/SENSITIVE more info". @@ -544,7 +511,13 @@ func resolveReferencedSources(hasMultipleSources bool, source *v1alpha1.Applicat return repoRefs, nil } - for _, valueFile := range source.ValueFiles { + refFileParams := make([]string, 0) + for _, fileParam := range source.FileParameters { + refFileParams = append(refFileParams, fileParam.Path) + } + refCandidates := append(source.ValueFiles, refFileParams...) + + for _, valueFile := range refCandidates { if strings.HasPrefix(valueFile, "$") { refVar := strings.Split(valueFile, "/")[0] @@ -823,8 +796,14 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, // check whether they should be replicated in resolveReferencedSources. if q.HasMultipleSources { if q.ApplicationSource.Helm != nil { + refFileParams := make([]string, 0) + for _, fileParam := range q.ApplicationSource.Helm.FileParameters { + refFileParams = append(refFileParams, fileParam.Path) + } + refCandidates := append(q.ApplicationSource.Helm.ValueFiles, refFileParams...) + // Checkout every one of the referenced sources to the target revision before generating Manifests - for _, valueFile := range q.ApplicationSource.Helm.ValueFiles { + for _, valueFile := range refCandidates { if strings.HasPrefix(valueFile, "$") { refVar := strings.Split(valueFile, "/")[0] @@ -927,7 +906,7 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, // Retrieve a new copy (if available) of the cached response: this ensures we are updating the latest copy of the cache, // rather than a copy of the cache that occurred before (a potentially lengthy) manifest generation. innerRes := &cache.CachedManifestResponse{} - cacheErr := s.cache.GetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, innerRes, refSourceCommitSHAs) + cacheErr := s.cache.GetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, innerRes, refSourceCommitSHAs, q.InstallationID) if cacheErr != nil && !errors.Is(cacheErr, cache.ErrCacheMiss) { logCtx.Warnf("manifest cache get error %s: %v", appSourceCopy.String(), cacheErr) ch.errCh <- cacheErr @@ -945,7 +924,7 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, // Update the cache to include failure information innerRes.NumberOfConsecutiveFailures++ innerRes.MostRecentError = err.Error() - cacheErr = s.cache.SetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, innerRes, refSourceCommitSHAs) + cacheErr = s.cache.SetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, innerRes, refSourceCommitSHAs, q.InstallationID) if cacheErr != nil { logCtx.Warnf("manifest cache set error %s: %v", appSourceCopy.String(), cacheErr) @@ -969,7 +948,7 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, } manifestGenResult.Revision = commitSHA manifestGenResult.VerifyResult = opContext.verificationResult - err = s.cache.SetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, &manifestGenCacheEntry, refSourceCommitSHAs) + err = s.cache.SetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, &manifestGenCacheEntry, refSourceCommitSHAs, q.InstallationID) if err != nil { log.Warnf("manifest cache set error %s/%s: %v", appSourceCopy.String(), cacheKey, err) } @@ -986,7 +965,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe cache.LogDebugManifestCacheKeyFields("getting manifests cache", "GenerateManifest API call", cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs) res := cache.CachedManifestResponse{} - err := s.cache.GetManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, &res, refSourceCommitSHAs) + err := s.cache.GetManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, &res, refSourceCommitSHAs, q.InstallationID) if err == nil { // The cache contains an existing value @@ -1003,7 +982,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe cache.LogDebugManifestCacheKeyFields("deleting manifests cache", "manifest hash did not match or cached response is empty", cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs) // We can now try again, so reset the cache state and run the operation below - err = s.cache.DeleteManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs) + err = s.cache.DeleteManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs, q.InstallationID) if err != nil { log.Warnf("manifest cache set error %s/%s: %v", q.ApplicationSource.String(), cacheKey, err) } @@ -1018,7 +997,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe cache.LogDebugManifestCacheKeyFields("deleting manifests cache", "reset after paused generation count", cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs) // We can now try again, so reset the error cache state and run the operation below - err = s.cache.DeleteManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs) + err = s.cache.DeleteManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs, q.InstallationID) if err != nil { log.Warnf("manifest cache set error %s/%s: %v", q.ApplicationSource.String(), cacheKey, err) } @@ -1038,7 +1017,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe // Increment the number of returned cached responses and push that new value to the cache // (if we have not already done so previously in this function) res.NumberOfCachedResponsesReturned++ - err = s.cache.SetManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, &res, refSourceCommitSHAs) + err = s.cache.SetManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, &res, refSourceCommitSHAs, q.InstallationID) if err != nil { log.Warnf("manifest cache set error %s/%s: %v", q.ApplicationSource.String(), cacheKey, err) } @@ -1203,7 +1182,7 @@ func isSourcePermitted(url string, repos []string) bool { return p.IsSourcePermitted(v1alpha1.ApplicationSource{RepoURL: url}) } -func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool, gitRepoPaths io.TempPaths) ([]manifest, error) { +func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool, gitRepoPaths io.TempPaths) ([]manifest, string, error) { concurrencyAllowed := helmConcurrencyDefault || isConcurrencyAllowed(appPath) if !concurrencyAllowed { manifestGenerateLock.Lock(appPath) @@ -1218,9 +1197,9 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie templateOpts := &helm.TemplateOpts{ Name: appName, - Namespace: q.Namespace, - KubeVersion: text.SemVer(q.KubeVersion), - APIVersions: q.ApiVersions, + Namespace: q.ApplicationSource.GetNamespaceOrDefault(q.Namespace), + KubeVersion: text.SemVer(q.ApplicationSource.GetKubeVersionOrDefault(q.KubeVersion)), + APIVersions: q.ApplicationSource.GetAPIVersionsOrDefault(q.ApiVersions), Set: map[string]string{}, SetString: map[string]string{}, SetFile: map[string]pathutil.ResolvedFilePath{}, @@ -1239,7 +1218,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie resolvedValueFiles, err := getResolvedValueFiles(appPath, repoRoot, env, q.GetValuesFileSchemes(), appHelm.ValueFiles, q.RefSources, gitRepoPaths, appHelm.IgnoreMissingValueFiles) if err != nil { - return nil, fmt.Errorf("error resolving helm value files: %w", err) + return nil, "", fmt.Errorf("error resolving helm value files: %w", err) } templateOpts.Values = resolvedValueFiles @@ -1247,7 +1226,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie if !appHelm.ValuesIsEmpty() { rand, err := uuid.NewRandom() if err != nil { - return nil, fmt.Errorf("error generating random filename for Helm values file: %w", err) + return nil, "", fmt.Errorf("error generating random filename for Helm values file: %w", err) } p := path.Join(os.TempDir(), rand.String()) defer func() { @@ -1258,9 +1237,9 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie }() err = os.WriteFile(p, appHelm.ValuesYAML(), 0o644) if err != nil { - return nil, fmt.Errorf("error writing helm values file: %w", err) + return nil, "", fmt.Errorf("error writing helm values file: %w", err) } - templateOpts.Values = append(templateOpts.Values, pathutil.ResolvedFilePath(p)) + templateOpts.ExtraValues = pathutil.ResolvedFilePath(p) } for _, p := range appHelm.Parameters { @@ -1271,9 +1250,19 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie } } for _, p := range appHelm.FileParameters { - resolvedPath, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, env.Envsubst(p.Path), q.GetValuesFileSchemes()) - if err != nil { - return nil, fmt.Errorf("error resolving helm value file path: %w", err) + var resolvedPath pathutil.ResolvedFilePath + referencedSource := getReferencedSource(p.Path, q.RefSources) + if referencedSource != nil { + // If the $-prefixed path appears to reference another source, do env substitution _after_ resolving the source + resolvedPath, err = getResolvedRefValueFile(p.Path, env, q.GetValuesFileSchemes(), referencedSource.Repo.Repo, gitRepoPaths, referencedSource.Repo.Project) + if err != nil { + return nil, "", fmt.Errorf("error resolving set-file path: %w", err) + } + } else { + resolvedPath, _, err = pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, env.Envsubst(p.Path), q.GetValuesFileSchemes()) + if err != nil { + return nil, "", fmt.Errorf("error resolving helm value file path: %w", err) + } } templateOpts.SetFile[p.Name] = resolvedPath } @@ -1297,24 +1286,20 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie helmRepos, err := getHelmRepos(appPath, q.Repos, q.HelmRepoCreds) if err != nil { - return nil, fmt.Errorf("error getting helm repos: %w", err) + return nil, "", fmt.Errorf("error getting helm repos: %w", err) } - h, err := helm.NewHelmApp(appPath, helmRepos, isLocal, version, proxy, passCredentials) + h, err := helm.NewHelmApp(appPath, helmRepos, isLocal, version, proxy, q.Repo.NoProxy, passCredentials) if err != nil { - return nil, fmt.Errorf("error initializing helm app object: %w", err) + return nil, "", fmt.Errorf("error initializing helm app object: %w", err) } defer h.Dispose() - err = h.Init() - if err != nil { - return nil, fmt.Errorf("error initializing helm app: %w", err) - } - out, err := h.Template(templateOpts) + out, command, err := h.Template(templateOpts) if err != nil { if !helm.IsMissingDependencyErr(err) { - return nil, err + return nil, "", err } if concurrencyAllowed { @@ -1339,15 +1324,15 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie } if len(reposNotPermitted) > 0 { - return nil, status.Errorf(codes.PermissionDenied, "helm repos %s are not permitted in project '%s'", strings.Join(reposNotPermitted, ", "), q.ProjectName) + return nil, "", status.Errorf(codes.PermissionDenied, "helm repos %s are not permitted in project '%s'", strings.Join(reposNotPermitted, ", "), q.ProjectName) } - return nil, err + return nil, "", err } - out, err = h.Template(templateOpts) + out, command, err = h.Template(templateOpts) if err != nil { - return nil, err + return nil, "", err } } @@ -1361,17 +1346,15 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie chartBytes = data } } - - objects, err := kube.SplitYAML([]byte(out)) + objs, err := kube.SplitYAML([]byte(out)) if err != nil { - return nil, fmt.Errorf("failed to split helm resources: %w", err) + return nil, "", fmt.Errorf("failed to split helm resources: %w", err) } - jsonObjs, err := expandUnstructuredObjs(objects) + jsonObjs, err := expandUnstructuredObjs(objs) if err != nil { - return nil, err + return nil, "", err } - manifests := make([]manifest, len(jsonObjs)) for i, obj := range jsonObjs { manifests[i] = manifest{ @@ -1382,7 +1365,26 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie } } - return manifests, nil + redactedCommand := redactPaths(command, gitRepoPaths, templateOpts.ExtraValues) + + return manifests, redactedCommand, err +} + +// redactPaths removes temp repo paths, since those paths are randomized (and therefore not helpful for the user) and +// sensitive (so not suitable for logging). It also replaces the path of the randomly-named values file which is used +// to hold the `spec.source.helm.values` or `valuesObject` contents. +func redactPaths(s string, paths io.TempPaths, extraValuesPath pathutil.ResolvedFilePath) string { + if paths == nil { + return s + } + for _, p := range paths.GetPaths() { + s = strings.ReplaceAll(s, p, ".") + } + if extraValuesPath != "" { + // Replace with a placeholder so that the user knows what this values file was for. + s = strings.ReplaceAll(s, string(extraValuesPath), "") + } + return s } func getResolvedValueFiles( @@ -1534,16 +1536,23 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, repoURL = q.Repo.Repo } + var commands []string + switch appSourceType { case v1alpha1.ApplicationSourceTypeHelm: - manifests, err = helmTemplate(appPath, repoRoot, env, q, isLocal, gitRepoPaths) + var command string + manifests, command, err = helmTemplate(appPath, repoRoot, env, q, isLocal, gitRepoPaths) + commands = append(commands, command) case v1alpha1.ApplicationSourceTypeKustomize: kustomizeBinary := "" if q.KustomizeOptions != nil { kustomizeBinary = q.KustomizeOptions.BinaryPath } - k := kustomize.NewKustomizeApp(repoRoot, appPath, q.Repo.GetGitCreds(gitCredsStore), repoURL, kustomizeBinary) - manifests, err = kustomizeBuild(k, repoRoot, appPath, q.ApplicationSource.Kustomize, q.KustomizeOptions, env, q.Namespace) + k := kustomize.NewKustomizeApp(repoRoot, appPath, q.Repo.GetGitCreds(gitCredsStore), repoURL, kustomizeBinary, q.Repo.Proxy, q.Repo.NoProxy) + manifests, _, commands, err = kustomizeBuild(k, repoRoot, appPath, q.ApplicationSource.Kustomize, q.KustomizeOptions, env, &kustomize.BuildOpts{ + KubeVersion: text.SemVer(q.ApplicationSource.GetKubeVersionOrDefault(q.KubeVersion)), + APIVersions: q.ApplicationSource.GetAPIVersionsOrDefault(q.ApiVersions), + }, q.Namespace) case v1alpha1.ApplicationSourceTypePlugin: pluginName := "" if q.ApplicationSource.Plugin != nil { @@ -1567,10 +1576,10 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, return nil, err } - resManifests := make([]*apiclient.Manifest, len(manifests)) - for i, m := range manifests { + resManifests := make([]*apiclient.Manifest, 0) + for _, m := range manifests { if q.AppLabelKey != "" && q.AppName != "" && !kube.IsCRD(m.obj) { - err = resourceTracking.SetAppInstance(m.obj, q.AppLabelKey, q.AppName, q.Namespace, v1alpha1.TrackingMethod(q.TrackingMethod)) + err = resourceTracking.SetAppInstance(m.obj, q.AppLabelKey, q.AppName, q.Namespace, v1alpha1.TrackingMethod(q.TrackingMethod), q.InstallationID) if err != nil { return nil, err } @@ -1581,17 +1590,18 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, return nil, err } - resManifests[i] = &apiclient.Manifest{ + resManifests = append(resManifests, &apiclient.Manifest{ CompiledManifest: string(manifestStr), RawManifest: string(m.rawManifest), Path: m.path, Line: int32(m.line), - } + }) } res := apiclient.ManifestResponse{ Manifests: resManifests, SourceType: string(appSourceType), + Commands: commands, } if appSourceType == v1alpha1.ApplicationSourceTypeHelm { @@ -1769,45 +1779,6 @@ func isNullList(obj *unstructured.Unstructured) bool { return field == nil } -func kustomizeBuild( - k kustomize.Kustomize, - repoRoot string, - appPath string, - opts *v1alpha1.ApplicationSourceKustomize, - kustomizeOptions *v1alpha1.KustomizeOptions, - env *v1alpha1.Env, - namespace string, -) ([]manifest, error) { - var targetObjs []*unstructured.Unstructured - - rawBytes, err := os.ReadFile(filepath.Join(appPath, "kustomization.yaml")) - if err != nil { - return nil, err - } - relPath, _ := filepath.Rel(repoRoot, appPath) - targetObjs, _, err = k.Build(opts, kustomizeOptions, env, namespace) - if err != nil { - return nil, err - } - - jsonObjs, err := expandUnstructuredObjs(targetObjs) - if err != nil { - return nil, err - } - - manifests := make([]manifest, len(jsonObjs)) - for i, obj := range jsonObjs { - manifests[i] = manifest{ - rawManifest: rawBytes, - obj: obj, - path: relPath, - line: 0, - } - } - - return manifests, nil -} - var manifestFile = regexp.MustCompile(`^.*\.(yaml|yml|json|jsonnet)$`) // findManifests looks at all yaml files in a directory and unmarshals them into a list of unstructured objects @@ -2287,7 +2258,7 @@ func (s *Service) GetAppDetails(ctx context.Context, q *apiclient.RepoServerAppD return err } case v1alpha1.ApplicationSourceTypePlugin: - if err := populatePluginAppDetails(ctx, res, opContext.appPath, repoRoot, q, s.gitCredsStore, s.initConstants.CMPTarExcludedGlobs); err != nil { + if err := populatePluginAppDetails(ctx, res, opContext.appPath, repoRoot, q, s.initConstants.CMPTarExcludedGlobs); err != nil { return fmt.Errorf("failed to populate plugin app details: %w", err) } } @@ -2344,15 +2315,11 @@ func populateHelmAppDetails(res *apiclient.RepoAppDetailsResponse, appPath strin if err != nil { return err } - h, err := helm.NewHelmApp(appPath, helmRepos, false, version, q.Repo.Proxy, passCredentials) + h, err := helm.NewHelmApp(appPath, helmRepos, false, version, q.Repo.Proxy, q.Repo.NoProxy, passCredentials) if err != nil { return err } defer h.Dispose() - err = h.Init() - if err != nil { - return err - } if resolvedValuesPath, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, "values.yaml", []string{}); err == nil { if err := loadFileIntoIfExists(resolvedValuesPath, &res.Helm.Values); err != nil { @@ -2429,7 +2396,7 @@ func populateKustomizeAppDetails(res *apiclient.RepoAppDetailsResponse, q *apicl if q.KustomizeOptions != nil { kustomizeBinary = q.KustomizeOptions.BinaryPath } - k := kustomize.NewKustomizeApp(repoRoot, appPath, q.Repo.GetGitCreds(credsStore), q.Repo.Repo, kustomizeBinary) + k := kustomize.NewKustomizeApp(repoRoot, appPath, q.Repo.GetGitCreds(credsStore), q.Repo.Repo, kustomizeBinary, q.Repo.Proxy, q.Repo.NoProxy) fakeManifestRequest := apiclient.ManifestRequest{ AppName: q.AppName, Namespace: "", // FIXME: omit it for now @@ -2437,7 +2404,7 @@ func populateKustomizeAppDetails(res *apiclient.RepoAppDetailsResponse, q *apicl ApplicationSource: q.Source, } env := newEnv(&fakeManifestRequest, reversion) - _, images, err := k.Build(q.Source.Kustomize, q.KustomizeOptions, env, "") + _, images, _, err := k.Build(q.Source.Kustomize, q.KustomizeOptions, env, nil, "") if err != nil { return err } @@ -2445,7 +2412,7 @@ func populateKustomizeAppDetails(res *apiclient.RepoAppDetailsResponse, q *apicl return nil } -func populatePluginAppDetails(ctx context.Context, res *apiclient.RepoAppDetailsResponse, appPath string, repoPath string, q *apiclient.RepoServerAppDetailsQuery, store git.CredsStore, tarExcludedGlobs []string) error { +func populatePluginAppDetails(ctx context.Context, res *apiclient.RepoAppDetailsResponse, appPath string, repoPath string, q *apiclient.RepoServerAppDetailsQuery, tarExcludedGlobs []string) error { res.Plugin = &apiclient.PluginAppSpec{} envVars := []string{ @@ -2590,7 +2557,7 @@ func (s *Service) GetRevisionChartDetails(ctx context.Context, q *apiclient.Repo return nil, fmt.Errorf("error extracting chart: %w", err) } defer io.Close(closer) - helmCmd, err := helm.NewCmdWithVersion(chartPath, helm.HelmV3, q.Repo.EnableOCI, q.Repo.Proxy) + helmCmd, err := helm.NewCmdWithVersion(chartPath, q.Repo.EnableOCI, q.Repo.Proxy, q.Repo.NoProxy) if err != nil { return nil, fmt.Errorf("error creating helm cmd: %w", err) } @@ -2624,7 +2591,7 @@ func (s *Service) newClient(repo *v1alpha1.Repository, opts ...git.ClientOpts) ( return nil, err } opts = append(opts, git.WithEventHandlers(metrics.NewGitClientEventHandlers(s.metricsServer))) - return s.newGitClient(repo.Repo, repoPath, repo.GetGitCreds(s.gitCredsStore), repo.IsInsecure(), repo.EnableLFS, repo.Proxy, opts...) + return s.newGitClient(repo.Repo, repoPath, repo.GetGitCreds(s.gitCredsStore), repo.IsInsecure(), repo.EnableLFS, repo.Proxy, repo.NoProxy, opts...) } // newClientResolveRevision is a helper to perform the common task of instantiating a git client @@ -2644,7 +2611,7 @@ func (s *Service) newClientResolveRevision(repo *v1alpha1.Repository, revision s func (s *Service) newHelmClientResolveRevision(repo *v1alpha1.Repository, revision string, chart string, noRevisionCache bool) (helm.Client, string, error) { enableOCI := repo.EnableOCI || helm.IsHelmOciRepo(repo.Repo) - helmClient := s.newHelmClient(repo.Repo, repo.GetHelmCreds(), enableOCI, repo.Proxy, helm.WithIndexCache(s.cache), helm.WithChartPaths(s.chartPaths)) + helmClient := s.newHelmClient(repo.Repo, repo.GetHelmCreds(), enableOCI, repo.Proxy, repo.NoProxy, helm.WithIndexCache(s.cache), helm.WithChartPaths(s.chartPaths)) if helm.IsVersion(revision) { return helmClient, revision, nil } @@ -2757,7 +2724,7 @@ func checkoutRevision(gitClient git.Client, revision string, submoduleEnabled bo } func (s *Service) GetHelmCharts(ctx context.Context, q *apiclient.HelmChartsRequest) (*apiclient.HelmChartsResponse, error) { - index, err := s.newHelmClient(q.Repo.Repo, q.Repo.GetHelmCreds(), q.Repo.EnableOCI, q.Repo.Proxy, helm.WithChartPaths(s.chartPaths)).GetIndex(true, s.initConstants.HelmRegistryMaxIndexSize) + index, err := s.newHelmClient(q.Repo.Repo, q.Repo.GetHelmCreds(), q.Repo.EnableOCI, q.Repo.Proxy, q.Repo.NoProxy, helm.WithIndexCache(s.cache), helm.WithChartPaths(s.chartPaths)).GetIndex(true, s.initConstants.HelmRegistryMaxIndexSize) if err != nil { return nil, err } @@ -2782,17 +2749,17 @@ func (s *Service) TestRepository(ctx context.Context, q *apiclient.TestRepositor } checks := map[string]func() error{ "git": func() error { - return git.TestRepo(repo.Repo, repo.GetGitCreds(s.gitCredsStore), repo.IsInsecure(), repo.IsLFSEnabled(), repo.Proxy) + return git.TestRepo(repo.Repo, repo.GetGitCreds(s.gitCredsStore), repo.IsInsecure(), repo.IsLFSEnabled(), repo.Proxy, repo.NoProxy) }, "helm": func() error { if repo.EnableOCI { if !helm.IsHelmOciRepo(repo.Repo) { return errors.New("OCI Helm repository URL should include hostname and port only") } - _, err := helm.NewClient(repo.Repo, repo.GetHelmCreds(), repo.EnableOCI, repo.Proxy).TestHelmOCI() + _, err := helm.NewClient(repo.Repo, repo.GetHelmCreds(), repo.EnableOCI, repo.Proxy, repo.NoProxy).TestHelmOCI() return err } else { - _, err := helm.NewClient(repo.Repo, repo.GetHelmCreds(), repo.EnableOCI, repo.Proxy).GetIndex(false, s.initConstants.HelmRegistryMaxIndexSize) + _, err := helm.NewClient(repo.Repo, repo.GetHelmCreds(), repo.EnableOCI, repo.Proxy, repo.NoProxy).GetIndex(false, s.initConstants.HelmRegistryMaxIndexSize) return err } }, @@ -2823,7 +2790,7 @@ func (s *Service) ResolveRevision(ctx context.Context, q *apiclient.ResolveRevis AmbiguousRevision: fmt.Sprintf("%v (%v)", ambiguousRevision, revision), }, nil } else { - gitClient, err := git.NewClient(repo.Repo, repo.GetGitCreds(s.gitCredsStore), repo.IsInsecure(), repo.IsLFSEnabled(), repo.Proxy) + gitClient, err := git.NewClient(repo.Repo, repo.GetGitCreds(s.gitCredsStore), repo.IsInsecure(), repo.IsLFSEnabled(), repo.Proxy, repo.NoProxy) if err != nil { return &apiclient.ResolveRevisionResponse{Revision: "", AmbiguousRevision: ""}, err } @@ -3028,7 +2995,7 @@ func (s *Service) UpdateRevisionForPaths(_ context.Context, request *apiclient.U return &apiclient.UpdateRevisionForPathsResponse{}, nil } - gitClientOpts := git.WithCache(s.cache, !request.GetNoRevisionCache()) + gitClientOpts := git.WithCache(s.cache, !request.NoRevisionCache) gitClient, revision, err := s.newClientResolveRevision(repo, revision, gitClientOpts) if err != nil { return nil, status.Errorf(codes.Internal, "unable to resolve git revision %s: %v", revision, err) @@ -3075,14 +3042,21 @@ func (s *Service) UpdateRevisionForPaths(_ context.Context, request *apiclient.U if err != nil { // Only warn with the error, no need to block anything if there is a caching error. logCtx.Warnf("error updating cached revision for repo %s with revision %s: %v", repo.Repo, revision, err) - return &apiclient.UpdateRevisionForPathsResponse{Revision: revision}, nil + return &apiclient.UpdateRevisionForPathsResponse{ + Revision: revision, + }, nil } - return &apiclient.UpdateRevisionForPathsResponse{Revision: revision}, nil + return &apiclient.UpdateRevisionForPathsResponse{ + Revision: revision, + }, nil } logCtx.Debugf("changes found for application %s in repo %s from revision %s to revision %s", request.AppName, repo.Repo, syncedRevision, revision) - return &apiclient.UpdateRevisionForPathsResponse{Changes: true, Revision: revision}, nil + return &apiclient.UpdateRevisionForPathsResponse{ + Revision: revision, + Changes: true, + }, nil } func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev string, request *apiclient.UpdateRevisionForPathsRequest, gitClientOpts git.ClientOpts) error { @@ -3100,7 +3074,7 @@ func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev } } - err := s.cache.SetNewRevisionManifests(newRev, oldRev, request.ApplicationSource, request.RefSources, request, request.Namespace, request.TrackingMethod, request.AppLabelKey, request.AppName, repoRefs) + err := s.cache.SetNewRevisionManifests(newRev, oldRev, request.ApplicationSource, request.RefSources, request, request.Namespace, request.TrackingMethod, request.AppLabelKey, request.AppName, repoRefs, request.InstallationID) if err != nil { if errors.Is(err, cache.ErrCacheMiss) { logCtx.Debugf("manifest cache miss during comparison for application %s in repo %s from revision %s", request.AppName, request.GetRepo().Repo, oldRev) diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index 90de0e1a7c4b7..1f14180864c54 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -23,7 +23,9 @@ message ManifestRequest { // Deprecated: use sidecar plugins instead. repeated github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConfigManagementPlugin plugins = 12; github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.KustomizeOptions kustomizeOptions = 13; + // KubeVersion is the Kubernetes API version from the destination cluster. string kubeVersion = 14; + // ApiVersions is the list of API versions from the destination cluster, used for rendering Helm charts. repeated string apiVersions = 15; // Request to verify the signature when generating the manifests (only for Git repositories) bool verifySignature = 16; @@ -39,6 +41,8 @@ message ManifestRequest { repeated string projectSourceRepos = 25; // This is used to surface "source not permitted" errors for Helm repositories string projectName = 26; + // Holds instance installation id + string installationID = 27; } message ManifestRequestWithFiles { @@ -130,6 +134,8 @@ message ManifestResponse { ApplicationVersions applicationVersions = 11; // for multisourced apps will be [0,12,20], so this means that 0-11 - from first app source, 12-19 from second one, 20-x - third one repeated int32 sourcesManifestsStartingIdx = 12; + // Commands is the list of commands used to hydrate the manifests + repeated string commands = 13; } message ListRefsRequest { @@ -313,8 +319,9 @@ message UpdateRevisionForPathsRequest { string syncedRevision = 11; string revision = 12; repeated string paths = 13; - + bool noRevisionCache = 14; + string installationID = 15; } message UpdateRevisionForPathsResponse { diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 371f4fc523921..8282dcbc15f5d 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -13,6 +13,7 @@ import ( "path" "path/filepath" "regexp" + "slices" "sort" "strings" "sync" @@ -21,6 +22,7 @@ import ( log "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/apimachinery/pkg/util/intstr" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" @@ -97,6 +99,10 @@ func newCacheMocksWithOpts(repoCacheExpiration, revisionCacheExpiration, revisio } } +func applyCfGitClientMocks(gitClientMock *gitmocks.Client) { + gitClientMock.On("RevisionMetadata", mock.Anything).Return(nil, errors.New("cant fetch metadata")) +} + func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *gitmocks.Client, *repoCacheMocks) { root, err := filepath.Abs(root) if err != nil { @@ -111,7 +117,6 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git gitClient.On("CommitSHA").Return(mock.Anything, nil) gitClient.On("Root").Return(root) gitClient.On("IsAnnotatedTag").Return(false) - gitClient.On("RevisionMetadata", mock.Anything).Return(nil, errors.New("cant fetch metadata")) if signed { gitClient.On("VerifyCommitSignature", mock.Anything).Return(testSignature, nil) } else { @@ -134,6 +139,7 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git paths.On("Add", mock.Anything, mock.Anything).Return(root, nil) paths.On("GetPath", mock.Anything).Return(root, nil) paths.On("GetPathIfExists", mock.Anything).Return(root, nil) + paths.On("GetPaths").Return(map[string]string{"fake-nonce": root}) }, root) } @@ -146,10 +152,10 @@ func newServiceWithOpt(t *testing.T, cf clientFunc, root string) (*Service, *git t.Cleanup(cacheMocks.mockCache.StopRedisCallback) service := NewService(metrics.NewMetricsServer(), cacheMocks.cache, RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, root) - service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, opts ...git.ClientOpts) (client git.Client, e error) { + service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, noProxy string, opts ...git.ClientOpts) (client git.Client, e error) { return gitClient, nil } - service.newHelmClient = func(repoURL string, creds helm.Creds, enableOci bool, proxy string, opts ...helm.ClientOpts) helm.Client { + service.newHelmClient = func(repoURL string, creds helm.Creds, enableOci bool, proxy string, noProxy string, opts ...helm.ClientOpts) helm.Client { return helmClient } service.gitRepoInitializer = func(rootPath string) goio.Closer { @@ -160,12 +166,14 @@ func newServiceWithOpt(t *testing.T, cf clientFunc, root string) (*Service, *git } func newService(t *testing.T, root string) *Service { - service, _, _ := newServiceWithMocks(t, root, false) + service, gm, _ := newServiceWithMocks(t, root, false) + applyCfGitClientMocks(gm) return service } func newServiceWithSignature(t *testing.T, root string) *Service { - service, _, _ := newServiceWithMocks(t, root, true) + service, gm, _ := newServiceWithMocks(t, root, true) + applyCfGitClientMocks(gm) return service } @@ -195,7 +203,7 @@ func newServiceWithCommitSHA(t *testing.T, root, revision string) *Service { paths.On("GetPathIfExists", mock.Anything).Return(root, nil) }, root) - service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, opts ...git.ClientOpts) (client git.Client, e error) { + service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, noProxy string, opts ...git.ClientOpts) (client git.Client, e error) { return gitClient, nil } @@ -214,7 +222,7 @@ func TestGenerateYamlManifestInDir(t *testing.T) { } // update this value if we add/remove manifests - const countOfManifests = 48 // codefresh has only 48 because notification not included but we have event-reporter (count yamls in /manifests/base) + const countOfManifests = 50 res1, err := service.GenerateManifest(context.Background(), &q) @@ -317,7 +325,7 @@ func TestGenerateManifests_K8SAPIResetCache(t *testing.T) { cachedFakeResponse := &apiclient.ManifestResponse{Manifests: []*apiclient.Manifest{{CompiledManifest: "Fake"}}, Revision: mock.Anything} - err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: cachedFakeResponse}, nil) + err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: cachedFakeResponse}, nil, "") require.NoError(t, err) res, err := service.GenerateManifest(context.Background(), &q) @@ -333,6 +341,7 @@ func TestGenerateManifests_K8SAPIResetCache(t *testing.T) { func TestGenerateManifests_EmptyCache(t *testing.T) { service, gitMocks, mockCache := newServiceWithMocks(t, "../../manifests/base", false) + applyCfGitClientMocks(gitMocks) src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ @@ -342,12 +351,12 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { ProjectSourceRepos: []string{"*"}, } - err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: nil}, nil) + err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: nil}, nil, "") require.NoError(t, err) res, err := service.GenerateManifest(context.Background(), &q) require.NoError(t, err) - assert.Positive(t, len(res.Manifests)) + assert.NotEmpty(t, res.Manifests) mockCache.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ ExternalSets: 2, ExternalGets: 2, @@ -367,7 +376,7 @@ func TestGenerateManifest_RefOnlyShortCircuit(t *testing.T) { cacheMocks := newCacheMocks() t.Cleanup(cacheMocks.mockCache.StopRedisCallback) service := NewService(metrics.NewMetricsServer(), cacheMocks.cache, RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, repopath) - service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, opts ...git.ClientOpts) (client git.Client, e error) { + service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, noProxy string, opts ...git.ClientOpts) (client git.Client, e error) { opts = append(opts, git.WithEventHandlers(git.EventHandlers{ // Primary check, we want to make sure ls-remote is not called when the item is in cache OnLsRemote: func(repo string) func() { @@ -381,7 +390,7 @@ func TestGenerateManifest_RefOnlyShortCircuit(t *testing.T) { } }, })) - gitClient, err := git.NewClientExt(rawRepoURL, root, creds, insecure, enableLfs, proxy, opts...) + gitClient, err := git.NewClientExt(rawRepoURL, root, creds, insecure, enableLfs, proxy, noProxy, opts...) return gitClient, err } revision := initGitRepo(t, newGitRepoOptions{ @@ -435,7 +444,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { service := NewService(metrics.NewMetricsServer(), cacheMocks.cache, RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, repopath) var gitClient git.Client var err error - service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, opts ...git.ClientOpts) (client git.Client, e error) { + service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, noProxy string, opts ...git.ClientOpts) (client git.Client, e error) { opts = append(opts, git.WithEventHandlers(git.EventHandlers{ // Primary check, we want to make sure ls-remote is not called when the item is in cache OnLsRemote: func(repo string) func() { @@ -444,7 +453,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { } }, })) - gitClient, err = git.NewClientExt(rawRepoURL, root, creds, insecure, enableLfs, proxy, opts...) + gitClient, err = git.NewClientExt(rawRepoURL, root, creds, insecure, enableLfs, proxy, noProxy, opts...) return gitClient, err } repoRemote := fmt.Sprintf("file://%s", repopath) @@ -487,6 +496,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { func TestHelmManifestFromChartRepo(t *testing.T) { root := t.TempDir() service, gitMocks, mockCache := newServiceWithMocks(t, root, false) + applyCfGitClientMocks(gitMocks) source := &argoappv1.ApplicationSource{Chart: "my-chart", TargetRevision: ">= 1.0.0"} request := &apiclient.ManifestRequest{ Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", @@ -507,6 +517,7 @@ func TestHelmManifestFromChartRepo(t *testing.T) { Server: "", Revision: "1.1.0", SourceType: "Helm", + Commands: []string{`helm template . --name-template "" --include-crds`}, }, response) mockCache.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ ExternalSets: 1, @@ -550,6 +561,7 @@ func TestHelmChartReferencingExternalValues(t *testing.T) { Server: "", Revision: "1.1.0", SourceType: "Helm", + Commands: []string{`helm template . --name-template "" --values ./testdata/my-chart/my-chart-values.yaml --include-crds`}, }, response) } @@ -629,6 +641,7 @@ func TestHelmChartReferencingExternalValues_OutOfBounds_Symlink(t *testing.T) { err = os.WriteFile("./testdata/oob-symlink/values.yaml", []byte("foo: bar"), 0o644) require.NoError(t, err) spec := argoappv1.ApplicationSpec{ + Project: "default", Sources: []argoappv1.ApplicationSource{ {RepoURL: "https://helm.example.com", Chart: "my-chart", TargetRevision: ">= 1.0.0", Helm: &argoappv1.ApplicationSourceHelm{ // Reference `ref` but do not use the oob symlink. The mere existence of the link should be enough to @@ -651,6 +664,7 @@ func TestHelmChartReferencingExternalValues_OutOfBounds_Symlink(t *testing.T) { func TestGenerateManifestsUseExactRevision(t *testing.T) { service, gitClient, _ := newServiceWithMocks(t, ".", false) + applyCfGitClientMocks(gitClient) src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} @@ -787,7 +801,7 @@ func TestManifestGenErrorCacheByNumRequests(t *testing.T) { assert.NotNil(t, manifestRequest) cachedManifestResponse := &cache.CachedManifestResponse{} - err := service.cache.GetManifests(mock.Anything, manifestRequest.ApplicationSource, manifestRequest.RefSources, manifestRequest, manifestRequest.Namespace, "", manifestRequest.AppLabelKey, manifestRequest.AppName, cachedManifestResponse, nil) + err := service.cache.GetManifests(mock.Anything, manifestRequest.ApplicationSource, manifestRequest.RefSources, manifestRequest, manifestRequest.Namespace, "", manifestRequest.AppLabelKey, manifestRequest.AppName, cachedManifestResponse, nil, "") require.NoError(t, err) return cachedManifestResponse } @@ -1272,6 +1286,7 @@ func TestHelmManifestFromChartRepoWithValueFile(t *testing.T) { Server: "", Revision: "1.1.0", SourceType: "Helm", + Commands: []string{`helm template . --name-template "" --values ./testdata/my-chart/my-chart-values.yaml --include-crds`}, }, response) } @@ -1605,6 +1620,8 @@ func TestListApps(t *testing.T) { "values-files": "Helm", "helm-with-dependencies": "Helm", "helm-with-dependencies-alias": "Helm", + "helm-with-local-dependency": "Helm", + "simple-chart": "Helm", } assert.Equal(t, expectedApps, res.Apps) } @@ -1699,6 +1716,72 @@ func TestGetHelmCharts(t *testing.T) { assert.EqualValues(t, []string{"1.0.0", "1.1.0"}, item2.Versions) } +func TestGetRevisionMetadata(t *testing.T) { + service, gitClient, _ := newServiceWithMocks(t, "../..", false) + now := time.Now() + + gitClient.On("RevisionMetadata", mock.Anything).Return(&git.RevisionMetadata{ + Message: "test", + Author: "author", + Date: now, + Tags: []string{"tag1", "tag2"}, + }, nil) + + res, err := service.GetRevisionMetadata(context.Background(), &apiclient.RepoServerRevisionMetadataRequest{ + Repo: &argoappv1.Repository{}, + Revision: "c0b400fc458875d925171398f9ba9eabd5529923", + CheckSignature: true, + }) + + require.NoError(t, err) + assert.Equal(t, "test", res.Message) + assert.Equal(t, now, res.Date.Time) + assert.Equal(t, "author", res.Author) + assert.EqualValues(t, []string{"tag1", "tag2"}, res.Tags) + assert.NotEmpty(t, res.SignatureInfo) + + // Check for truncated revision value + res, err = service.GetRevisionMetadata(context.Background(), &apiclient.RepoServerRevisionMetadataRequest{ + Repo: &argoappv1.Repository{}, + Revision: "c0b400f", + CheckSignature: true, + }) + + require.NoError(t, err) + assert.Equal(t, "test", res.Message) + assert.Equal(t, now, res.Date.Time) + assert.Equal(t, "author", res.Author) + assert.EqualValues(t, []string{"tag1", "tag2"}, res.Tags) + assert.NotEmpty(t, res.SignatureInfo) + + // Cache hit - signature info should not be in result + res, err = service.GetRevisionMetadata(context.Background(), &apiclient.RepoServerRevisionMetadataRequest{ + Repo: &argoappv1.Repository{}, + Revision: "c0b400fc458875d925171398f9ba9eabd5529923", + CheckSignature: false, + }) + require.NoError(t, err) + assert.Empty(t, res.SignatureInfo) + + // Enforce cache miss - signature info should not be in result + res, err = service.GetRevisionMetadata(context.Background(), &apiclient.RepoServerRevisionMetadataRequest{ + Repo: &argoappv1.Repository{}, + Revision: "da52afd3b2df1ec49470603d8bbb46954dab1091", + CheckSignature: false, + }) + require.NoError(t, err) + assert.Empty(t, res.SignatureInfo) + + // Cache hit on previous entry that did not have signature info + res, err = service.GetRevisionMetadata(context.Background(), &apiclient.RepoServerRevisionMetadataRequest{ + Repo: &argoappv1.Repository{}, + Revision: "da52afd3b2df1ec49470603d8bbb46954dab1091", + CheckSignature: true, + }) + require.NoError(t, err) + assert.NotEmpty(t, res.SignatureInfo) +} + func TestGetSignatureVerificationResult(t *testing.T) { // Commit with signature and verification requested { @@ -2063,7 +2146,7 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { // Try to pull from the cache with a `source` that does not include any overrides. Overrides should not be // part of the cache key, because you can't get the overrides without a repo operation. And avoiding repo // operations is the point of the cache. - err = service.cache.GetManifests(mock.Anything, source, argoappv1.RefTargetRevisionMapping{}, &argoappv1.ClusterInfo{}, "", "", "", "test", res, nil) + err = service.cache.GetManifests(mock.Anything, source, argoappv1.RefTargetRevisionMapping{}, &argoappv1.ClusterInfo{}, "", "", "", "test", res, nil, "") require.NoError(t, err) }) }) @@ -2186,6 +2269,78 @@ func TestGenerateManifestWithAnnotatedTagsAndMultiSourceApp(t *testing.T) { } } +func TestGenerateMultiSourceHelmWithFileParameter(t *testing.T) { + expectedFileContent, err := os.ReadFile("../../util/helm/testdata/external/external-secret.txt") + require.NoError(t, err) + + service := newService(t, "../../util/helm/testdata") + + testCases := []struct { + name string + refSources map[string]*argoappv1.RefTarget + expectedContent string + expectedErr bool + }{{ + name: "Successfully resolve multi-source ref for helm set-file", + refSources: map[string]*argoappv1.RefTarget{ + "$global": { + TargetRevision: "HEAD", + }, + }, + expectedContent: string(expectedFileContent), + expectedErr: false, + }, { + name: "Failed to resolve multi-source ref for helm set-file", + refSources: map[string]*argoappv1.RefTarget{}, + expectedContent: "DOES-NOT-EXIST", + expectedErr: true, + }} + + for i := range testCases { + tc := testCases[i] + t.Run(tc.name, func(t *testing.T) { + manifestRequest := &apiclient.ManifestRequest{ + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{ + Ref: "$global", + Path: "./redis", + TargetRevision: "HEAD", + Helm: &argoappv1.ApplicationSourceHelm{ + ValueFiles: []string{"$global/redis/values-production.yaml"}, + FileParameters: []argoappv1.HelmFileParameter{{ + Name: "passwordContent", + Path: "$global/external/external-secret.txt", + }}, + }, + }, + HasMultipleSources: true, + NoCache: true, + RefSources: tc.refSources, + } + + res, err := service.GenerateManifest(context.Background(), manifestRequest) + + if !tc.expectedErr { + require.NoError(t, err) + + manifests := []apiclient.Manifest{} + + for _, i := range res.Manifests { + manifests = append(manifests, *i) + } + + // Check that any of the manifests contains the secret + idx := slices.IndexFunc(manifests, func(content apiclient.Manifest) bool { + return strings.Contains(content.CompiledManifest, tc.expectedContent) + }) + assert.GreaterOrEqual(t, idx, 0, "No manifest contains the value set with the helm fileParameters") + } else { + assert.Error(t, err) + } + }) + } +} + func TestFindResources(t *testing.T) { testCases := []struct { name string @@ -2920,7 +3075,7 @@ func TestCheckoutRevisionCanGetNonstandardRefs(t *testing.T) { destRepoPath, err := os.MkdirTemp(rootPath, "") require.NoError(t, err) - gitClient, err := git.NewClientExt("file://"+sourceRepoPath, destRepoPath, &git.NopCreds{}, true, false, "") + gitClient, err := git.NewClientExt("file://"+sourceRepoPath, destRepoPath, &git.NopCreds{}, true, false, "", "") require.NoError(t, err) pullSha, err := gitClient.LsRemote("refs/pull/123/head") @@ -3655,8 +3810,8 @@ func TestUpdateRevisionForPaths(t *testing.T) { Paths: []string{"."}, }, }, want: &apiclient.UpdateRevisionForPathsResponse{ - Changes: true, Revision: "632039659e542ed7de0c170a4fcc1c571b288fc0", + Changes: true, }, wantErr: assert.NoError}, {name: "NoChangesUpdateCache", fields: func() fields { s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { @@ -3792,7 +3947,7 @@ func TestGetRefs_CacheWithLockDisabled(t *testing.T) { wg.Add(1) go func() { defer wg.Done() - client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, true)) + client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() require.NoError(t, err) @@ -3819,7 +3974,7 @@ func TestGetRefs_CacheDisabled(t *testing.T) { }) cacheMocks := newCacheMocks() t.Cleanup(cacheMocks.mockCache.StopRedisCallback) - client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, false)) + client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, false)) require.NoError(t, err) refs, err := client.LsRefs() require.NoError(t, err) @@ -3848,7 +4003,7 @@ func TestGetRefs_CacheWithLock(t *testing.T) { wg.Add(1) go func() { defer wg.Done() - client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, true)) + client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() require.NoError(t, err) @@ -3877,7 +4032,7 @@ func TestGetRefs_CacheUnlockedOnUpdateFailed(t *testing.T) { cacheMocks := newCacheMocks() t.Cleanup(cacheMocks.mockCache.StopRedisCallback) repoUrl := fmt.Sprintf("file://%s", dir) - client, err := git.NewClient(repoUrl, git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, true)) + client, err := git.NewClient(repoUrl, git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() require.NoError(t, err) @@ -3908,7 +4063,7 @@ func TestGetRefs_CacheLockTryLockGitRefCacheError(t *testing.T) { repoUrl := fmt.Sprintf("file://%s", dir) // buf := bytes.Buffer{} // log.SetOutput(&buf) - client, err := git.NewClient(repoUrl, git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, true)) + client, err := git.NewClient(repoUrl, git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() require.NoError(t, err) @@ -4012,3 +4167,184 @@ func TestVerifyCommitSignature(t *testing.T) { require.NoError(t, err) }) } + +func Test_GenerateManifests_Commands(t *testing.T) { + t.Run("helm", func(t *testing.T) { + service := newService(t, "testdata/my-chart") + + // Fill the manifest request with as many parameters affecting Helm commands as possible. + q := apiclient.ManifestRequest{ + AppName: "test-app", + Namespace: "test-namespace", + KubeVersion: "1.2.3", + ApiVersions: []string{"v1/Test", "v2/Test"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{ + Path: ".", + Helm: &argoappv1.ApplicationSourceHelm{ + FileParameters: []argoappv1.HelmFileParameter{ + { + Name: "test-file-param-name", + Path: "test-file-param.yaml", + }, + }, + Parameters: []argoappv1.HelmParameter{ + { + Name: "test-param-name", + // Use build env var to test substitution. + Value: "test-value-$ARGOCD_APP_NAME", + ForceString: true, + }, + { + Name: "test-param-bool-name", + // Use build env var to test substitution. + Value: "false", + }, + }, + PassCredentials: true, + SkipCrds: true, + ValueFiles: []string{ + "my-chart-values.yaml", + }, + Values: "test: values", + }, + }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + } + + res, err := service.GenerateManifest(context.Background(), &q) + + require.NoError(t, err) + assert.Equal(t, []string{"helm template . --name-template test-app --namespace test-namespace --kube-version 1.2.3 --set test-param-bool-name=false --set-string test-param-name=test-value-test-app --set-file test-file-param-name=./test-file-param.yaml --values ./my-chart-values.yaml --values --api-versions v1/Test --api-versions v2/Test"}, res.Commands) + + t.Run("with overrides", func(t *testing.T) { + // These can be set explicitly instead of using inferred values. Make sure the overrides apply. + q.ApplicationSource.Helm.APIVersions = []string{"v3", "v4"} + q.ApplicationSource.Helm.KubeVersion = "5.6.7" + q.ApplicationSource.Helm.Namespace = "different-namespace" + q.ApplicationSource.Helm.ReleaseName = "different-release-name" + + res, err = service.GenerateManifest(context.Background(), &q) + + require.NoError(t, err) + assert.Equal(t, []string{"helm template . --name-template different-release-name --namespace different-namespace --kube-version 5.6.7 --set test-param-bool-name=false --set-string test-param-name=test-value-test-app --set-file test-file-param-name=./test-file-param.yaml --values ./my-chart-values.yaml --values --api-versions v3 --api-versions v4"}, res.Commands) + }) + }) + + t.Run("helm with dependencies", func(t *testing.T) { + // This test makes sure we still get commands, even if we hit the code path that has to run "helm dependency build." + // We don't actually return the "helm dependency build" command, because we expect that the user is able to read + // the "helm template" and figure out how to fix it. + t.Cleanup(func() { + err := os.Remove("testdata/helm-with-local-dependency/Chart.lock") + require.NoError(t, err) + err = os.RemoveAll("testdata/helm-with-local-dependency/charts") + require.NoError(t, err) + }) + + service := newService(t, "testdata/helm-with-local-dependency") + + q := apiclient.ManifestRequest{ + AppName: "test-app", + Namespace: "test-namespace", + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{ + Path: ".", + }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + } + + res, err := service.GenerateManifest(context.Background(), &q) + + require.NoError(t, err) + assert.Equal(t, []string{"helm template . --name-template test-app --namespace test-namespace --include-crds"}, res.Commands) + }) + + t.Run("kustomize", func(t *testing.T) { + // Write test files to a temp dir, because the test mutates kustomization.yaml in place. + tempDir := t.TempDir() + err := os.WriteFile(path.Join(tempDir, "kustomization.yaml"), []byte(` +resources: +- guestbook.yaml +`), os.FileMode(0o600)) + require.NoError(t, err) + err = os.WriteFile(path.Join(tempDir, "guestbook.yaml"), []byte(` +apiVersion: apps/v1 +kind: Deployment +metadata: + name: guestbook-ui +`), os.FileMode(0o400)) + require.NoError(t, err) + err = os.Mkdir(path.Join(tempDir, "component"), os.FileMode(0o700)) + require.NoError(t, err) + err = os.WriteFile(path.Join(tempDir, "component", "kustomization.yaml"), []byte(` +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +images: +- name: old + newName: new +`), os.FileMode(0o400)) + require.NoError(t, err) + + service := newService(t, tempDir) + + // Fill the manifest request with as many parameters affecting Helm commands as possible. + q := apiclient.ManifestRequest{ + AppName: "test-app", + Namespace: "test-namespace", + KubeVersion: "1.2.3", + ApiVersions: []string{"v1/Test", "v2/Test"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{ + Path: ".", + Kustomize: &argoappv1.ApplicationSourceKustomize{ + APIVersions: []string{"v1", "v2"}, + CommonAnnotations: map[string]string{ + // Use build env var to test substitution. + "test": "annotation-$ARGOCD_APP_NAME", + }, + CommonAnnotationsEnvsubst: true, + CommonLabels: map[string]string{ + "test": "label", + }, + Components: []string{"component"}, + ForceCommonAnnotations: true, + ForceCommonLabels: true, + Images: argoappv1.KustomizeImages{ + "image=override", + }, + KubeVersion: "5.6.7", + LabelWithoutSelector: true, + NamePrefix: "test-prefix", + NameSuffix: "test-suffix", + Namespace: "override-namespace", + Replicas: argoappv1.KustomizeReplicas{ + { + Name: "guestbook-ui", + Count: intstr.Parse("1337"), + }, + }, + }, + }, + ProjectName: "something", + ProjectSourceRepos: []string{"*"}, + } + + res, err := service.GenerateManifest(context.Background(), &q) + + require.NoError(t, err) + assert.Equal(t, []string{ + "kustomize edit set nameprefix -- test-prefix", + "kustomize edit set namesuffix -- test-suffix", + "kustomize edit set image image=override", + "kustomize edit set replicas guestbook-ui=1337", + "kustomize edit add label --force --without-selector test:label", + "kustomize edit add annotation --force test:annotation-test-app", + "kustomize edit set namespace -- override-namespace", + "kustomize edit add component component", + "kustomize build .", + }, res.Commands) + }) +} diff --git a/reposerver/repository/testdata/helm-with-local-dependency/Chart.yaml b/reposerver/repository/testdata/helm-with-local-dependency/Chart.yaml new file mode 100644 index 0000000000000..5daf5d1d091c9 --- /dev/null +++ b/reposerver/repository/testdata/helm-with-local-dependency/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: helm-with-dependencies +version: v1.0.0 +dependencies: + - name: simple-chart + repository: file://../simple-chart + version: v1.1.0 diff --git a/reposerver/repository/testdata/my-chart/test-file-param.yaml b/reposerver/repository/testdata/my-chart/test-file-param.yaml new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/reposerver/repository/testdata/simple-chart/Chart.yaml b/reposerver/repository/testdata/simple-chart/Chart.yaml new file mode 100644 index 0000000000000..00bfbfaf78f3e --- /dev/null +++ b/reposerver/repository/testdata/simple-chart/Chart.yaml @@ -0,0 +1,2 @@ +name: simple-chart +version: 1.1.0 diff --git a/reposerver/repository/testdata/simple-chart/simple-chart-values.yaml b/reposerver/repository/testdata/simple-chart/simple-chart-values.yaml new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/reposerver/repository/testdata/simple-chart/templates/my-map.yaml b/reposerver/repository/testdata/simple-chart/templates/my-map.yaml new file mode 100644 index 0000000000000..efbeb3b7b9393 --- /dev/null +++ b/reposerver/repository/testdata/simple-chart/templates/my-map.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-map \ No newline at end of file diff --git a/resource_customizations/apps.kruise.io/DaemonSet/health.lua b/resource_customizations/apps.kruise.io/DaemonSet/health.lua index 7705bcc3325e5..30ccdc85da176 100644 --- a/resource_customizations/apps.kruise.io/DaemonSet/health.lua +++ b/resource_customizations/apps.kruise.io/DaemonSet/health.lua @@ -8,7 +8,7 @@ if obj.status ~= nil then hs.status = "Suspended" hs.message = "Daemonset is paused" return hs - elseif obj.spec.updateStrategy.rollingUpdate.partition ~= 0 and obj.metadata.generation > 1 then + elseif (obj.spec.updateStrategy.rollingUpdate.partition ~= nil) and (obj.spec.updateStrategy.rollingUpdate.partition ~= 0 and obj.metadata.generation > 1) then if obj.status.updatedNumberScheduled > (obj.status.desiredNumberScheduled - obj.spec.updateStrategy.rollingUpdate.partition) then hs.status = "Suspended" hs.message = "Daemonset needs manual intervention" diff --git a/resource_customizations/apps.kruise.io/DaemonSet/health_test.yaml b/resource_customizations/apps.kruise.io/DaemonSet/health_test.yaml index 0a8c8292672f3..a1d2579d2e9f8 100644 --- a/resource_customizations/apps.kruise.io/DaemonSet/health_test.yaml +++ b/resource_customizations/apps.kruise.io/DaemonSet/health_test.yaml @@ -11,6 +11,10 @@ tests: status: Progressing message: "Waiting for initialization" inputPath: testdata/unknown.yaml + - healthStatus: + status: Progressing + message: "Waiting for initialization" + inputPath: testdata/no-update-strategy-partition.yaml - healthStatus: status: Suspended message: "Daemonset is paused" diff --git a/resource_customizations/apps.kruise.io/DaemonSet/testdata/no-update-strategy-partition.yaml b/resource_customizations/apps.kruise.io/DaemonSet/testdata/no-update-strategy-partition.yaml new file mode 100644 index 0000000000000..765378b0c6078 --- /dev/null +++ b/resource_customizations/apps.kruise.io/DaemonSet/testdata/no-update-strategy-partition.yaml @@ -0,0 +1,34 @@ +apiVersion: apps.kruise.io/v1alpha1 +kind: DaemonSet +metadata: + name: rdma-device-plugin + namespace: nvidia-gpu + generation: 2 +spec: + selector: + matchLabels: + app-name: rdma-device-plugin-pod + template: + metadata: + labels: + app-name: rdma-device-plugin-pod + spec: + containers: + image: 'my-k8s-rdmaplugin' + imagePullPolicy: IfNotPresent + name: k8s-rdma-device-plugin + hostNetwork: true + updateStrategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 50 + rollingUpdateType: Standard + type: RollingUpdate +status: + currentNumberScheduled: 0 + daemonSetHash: 5998d4d4d7 + desiredNumberScheduled: 0 + numberMisscheduled: 0 + numberReady: 0 + observedGeneration: 2 + updatedNumberScheduled: 0 diff --git a/resource_customizations/batch/CronJob/actions/create-job/action.lua b/resource_customizations/batch/CronJob/actions/create-job/action.lua index a6f3253a5b757..aac90c4bf6719 100644 --- a/resource_customizations/batch/CronJob/actions/create-job/action.lua +++ b/resource_customizations/batch/CronJob/actions/create-job/action.lua @@ -36,7 +36,7 @@ job.metadata = deepCopy(obj.spec.jobTemplate.metadata) if job.metadata == nil then job.metadata = {} end -job.metadata.name = obj.metadata.name .. "-" ..os.date("!%Y%m%d%H%M") +job.metadata.name = obj.metadata.name .. "-" ..os.date("!%y%m%d%H%M") job.metadata.namespace = obj.metadata.namespace if job.metadata.annotations == nil then job.metadata.annotations = {} diff --git a/resource_customizations/cluster.x-k8s.io/MachinePool/health.lua b/resource_customizations/cluster.x-k8s.io/MachinePool/health.lua new file mode 100644 index 0000000000000..521aa9a61161a --- /dev/null +++ b/resource_customizations/cluster.x-k8s.io/MachinePool/health.lua @@ -0,0 +1,48 @@ +-- Reference CRD can be found here: +-- https://doc.crds.dev/github.com/kubernetes-sigs/cluster-api/cluster.x-k8s.io/MachinePool/v1beta1@v1.8.1 + +function getStatusBasedOnPhase(obj, hs) + -- Phases can be found here: + -- https://github.com/kubernetes-sigs/cluster-api/blob/release-1.8/exp/api/v1beta1/machinepool_types.go#L139-L182 + if obj.status ~= nil and obj.status.phase ~= nil then + hs.message = "MachinePool is " .. obj.status.phase + if obj.status.phase == "Running" then + hs.status = "Healthy" + end + if obj.status.phase == "Failed" or obj.status.phase == "Unknown" then + hs.status = "Degraded" + end + end + return hs +end + +function getConditionStatuses(obj, hs) + local extraInfo = "" + if obj.status ~= nil and obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type ~= nil and condition.status == "False" then + if extraInfo ~= "" then + extraInfo = extraInfo .. ", " + end + extraInfo = extraInfo .. "Not " .. condition.type + if condition.reason ~= nil then + extraInfo = extraInfo .. " (" .. condition.reason .. ")" + end + end + end + end + if extraInfo ~= "" then + hs.message = hs.message .. ": " .. extraInfo + end + + return hs +end + +local hs = {} +hs.status = "Progressing" +hs.message = "" + +getStatusBasedOnPhase(obj, hs) +getConditionStatuses(obj, hs) + +return hs diff --git a/resource_customizations/cluster.x-k8s.io/MachinePool/health_test.yaml b/resource_customizations/cluster.x-k8s.io/MachinePool/health_test.yaml new file mode 100644 index 0000000000000..3ea490456e886 --- /dev/null +++ b/resource_customizations/cluster.x-k8s.io/MachinePool/health_test.yaml @@ -0,0 +1,13 @@ +tests: +- healthStatus: + status: Healthy + message: 'MachinePool is Running' + inputPath: testdata/healthy_provisioned.yaml +- healthStatus: + status: Progressing + message: 'MachinePool is Provisioning: Not Ready (WaitingForInfrastructure), Not InfrastructureReady (WaitingForInfrastructure)' + inputPath: testdata/progressing_provisioning.yaml +- healthStatus: + status: Degraded + message: 'MachinePool is Failed' + inputPath: testdata/degraded_failed.yaml diff --git a/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/degraded_failed.yaml b/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/degraded_failed.yaml new file mode 100644 index 0000000000000..2079ebfdea584 --- /dev/null +++ b/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/degraded_failed.yaml @@ -0,0 +1,25 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + labels: + argocd.argoproj.io/instance: foo + cluster.x-k8s.io/cluster-name: foo + name: foo-pool + namespace: default +spec: + clusterName: foo + replicas: 3 + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: foo + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSManagedMachinePool + name: foo-pool + namespace: default + version: v1.30.0 +status: + phase: Failed diff --git a/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/healthy_provisioned.yaml b/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/healthy_provisioned.yaml new file mode 100644 index 0000000000000..02211d4950014 --- /dev/null +++ b/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/healthy_provisioned.yaml @@ -0,0 +1,57 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + labels: + argocd.argoproj.io/instance: foo + cluster.x-k8s.io/cluster-name: foo + name: foo-pool + namespace: default +spec: + clusterName: foo + replicas: 3 + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: foo + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSManagedMachinePool + name: foo-pool + namespace: default + version: v1.30.0 +status: + availableReplicas: 3 + bootstrapReady: true + conditions: + - lastTransitionTime: '2024-08-19T20:33:02Z' + status: 'True' + type: Ready + - lastTransitionTime: '2024-08-19T20:18:31Z' + status: 'True' + type: BootstrapReady + - lastTransitionTime: '2024-08-19T20:33:02Z' + status: 'True' + type: InfrastructureReady + - lastTransitionTime: '2024-08-19T20:18:31Z' + status: 'True' + type: ReplicasReady + infrastructureReady: true + nodeRefs: + - apiVersion: v1 + kind: Node + name: ip-18-232-50-123-ec2.internal + uid: e4b3a44f-1c2d-4fd3-bb9e-3b0e08787a5a + - apiVersion: v1 + kind: Node + name: ip-52-23-45-67-ec2.internal + uid: 2b9dabe5-3a1d-429a-985b-5e7ffb9649c6 + - apiVersion: v1 + kind: Node + name: ip-34-207-89-12-ec2.internal + uid: 6f94031a-d3e4-48f7-bc94-22bb9b687f5e + observedGeneration: 2 + phase: Running + readyReplicas: 3 + replicas: 3 diff --git a/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/progressing_provisioning.yaml b/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/progressing_provisioning.yaml new file mode 100644 index 0000000000000..f287555ece532 --- /dev/null +++ b/resource_customizations/cluster.x-k8s.io/MachinePool/testdata/progressing_provisioning.yaml @@ -0,0 +1,44 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + labels: + argocd.argoproj.io/instance: foo + cluster.x-k8s.io/cluster-name: foo + name: foo-pool + namespace: default +spec: + clusterName: foo + replicas: 3 + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: foo + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta2 + kind: AWSManagedMachinePool + name: foo-pool + namespace: default + version: v1.30.0 +status: + bootstrapReady: true + conditions: + - lastTransitionTime: '2024-08-19T20:26:30Z' + reason: WaitingForInfrastructure + severity: Info + status: 'False' + type: Ready + - lastTransitionTime: '2024-08-19T20:26:30Z' + status: 'True' + type: BootstrapReady + - lastTransitionTime: '2024-08-19T20:26:30Z' + reason: WaitingForInfrastructure + severity: Info + status: 'False' + type: InfrastructureReady + - lastTransitionTime: '2024-08-19T20:26:30Z' + status: 'True' + type: ReplicasReady + observedGeneration: 1 + phase: Provisioning diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/action_test.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/action_test.yaml new file mode 100644 index 0000000000000..1831eb389cb24 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_helmrelease.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_helmrelease.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_helmrelease.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_helmrelease.yaml + expectedOutputPath: testdata/reconciled_helmrelease.yaml +- action: suspend + inputPath: testdata/initial_helmrelease.yaml + expectedOutputPath: testdata/suspended_helmrelease.yaml +- action: resume + inputPath: testdata/suspended_helmrelease.yaml + expectedOutputPath: testdata/resumed_helmrelease.yaml diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/discovery.lua b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/reconcile/action.lua b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/resume/action.lua b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/suspend/action.lua b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/initial_helmrelease.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/initial_helmrelease.yaml new file mode 100644 index 0000000000000..a5be419c51dc7 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/initial_helmrelease.yaml @@ -0,0 +1,33 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + timeout: 5m + chart: + spec: + chart: podinfo + version: '6.5.*' + sourceRef: + kind: HelmRepository + name: podinfo + interval: 5m + releaseName: podinfo + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + test: + enable: true + driftDetection: + mode: enabled + ignore: + - paths: ["/spec/replicas"] + target: + kind: Deployment + values: + replicaCount: 2 diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/reconciled_helmrelease.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/reconciled_helmrelease.yaml new file mode 100644 index 0000000000000..89eb46c511eb1 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/reconciled_helmrelease.yaml @@ -0,0 +1,35 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: podinfo + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + interval: 10m + timeout: 5m + chart: + spec: + chart: podinfo + version: '6.5.*' + sourceRef: + kind: HelmRepository + name: podinfo + interval: 5m + releaseName: podinfo + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + test: + enable: true + driftDetection: + mode: enabled + ignore: + - paths: ["/spec/replicas"] + target: + kind: Deployment + values: + replicaCount: 2 diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/resumed_helmrelease.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/resumed_helmrelease.yaml new file mode 100644 index 0000000000000..84988820ada9f --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/resumed_helmrelease.yaml @@ -0,0 +1,34 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + timeout: 5m + chart: + spec: + chart: podinfo + version: '6.5.*' + sourceRef: + kind: HelmRepository + name: podinfo + interval: 5m + releaseName: podinfo + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + test: + enable: true + suspend: false + driftDetection: + mode: enabled + ignore: + - paths: ["/spec/replicas"] + target: + kind: Deployment + values: + replicaCount: 2 diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/suspended_helmrelease.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/suspended_helmrelease.yaml new file mode 100644 index 0000000000000..21e46d51751a3 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/testdata/suspended_helmrelease.yaml @@ -0,0 +1,34 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + timeout: 5m + chart: + spec: + chart: podinfo + version: '6.5.*' + sourceRef: + kind: HelmRepository + name: podinfo + interval: 5m + releaseName: podinfo + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + test: + enable: true + suspend: true + driftDetection: + mode: enabled + ignore: + - paths: ["/spec/replicas"] + target: + kind: Deployment + values: + replicaCount: 2 diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/health.lua b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/health.lua new file mode 100644 index 0000000000000..dd062f92e7143 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/health.lua @@ -0,0 +1,45 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "Unknown" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numProgressing = numProgressing + 1 + elseif condition.type == "Released" or condition.type == "TestSuccess" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + end + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 2) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/health_test.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/health_test.yaml new file mode 100644 index 0000000000000..64fce9951d5ba --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: Progressing + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: RollbackSucceeded + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: InstallSucceeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/degraded.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/degraded.yaml new file mode 100644 index 0000000000000..c5986d6cfc507 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/degraded.yaml @@ -0,0 +1,70 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + timeout: 5m + chart: + spec: + chart: podinfo + version: '6.5.*' + sourceRef: + kind: HelmRepository + name: podinfo + interval: 5m + releaseName: podinfo + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + test: + enable: true + driftDetection: + mode: enabled + ignore: + - paths: ["/spec/replicas"] + target: + kind: Deployment + values: + replicaCount: 2 +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm rollback to previous release default/podinfo.v24 with + chart podinfo@6.5.4 succeeded + observedGeneration: 5 + reason: ProgressingWithRetry + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm rollback to previous release default/podinfo.v24 with + chart podinfo@6.5.4 succeeded + observedGeneration: 5 + reason: RollbackSucceeded + status: "False" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: "Helm upgrade failed for release default/podinfo with chart + podinfo@6.5.4: cannot patch \"podinfo\" with kind Deployment: admission webhook + \"validate.kyverno.svc-fail\" denied the request: \n\nresource Deployment/default/podinfo + was blocked due to the following policies \n\ndisallow-privilege-escalation:\n + \ autogen-privilege-escalation: 'validation error: Privilege escalation is disallowed.\n + \ The fields spec.containers[*].securityContext.allowPrivilegeEscalation, + spec.initContainers[*].securityContext.allowPrivilegeEscalation,\n and spec.ephemeralContainers[*].securityContext.allowPrivilegeEscalation + must\n be set to `false`. rule autogen-privilege-escalation failed at path + /spec/template/spec/containers/0/securityContext/allowPrivilegeEscalation/'" + observedGeneration: 5 + reason: UpgradeFailed + status: "False" + type: Released + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm rollback to previous release default/podinfo.v24 with + chart podinfo@6.5.4 succeeded + observedGeneration: 5 + reason: RollbackSucceeded + status: "True" + type: Remediated diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/healthy.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/healthy.yaml new file mode 100644 index 0000000000000..f76ca38f23a09 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/healthy.yaml @@ -0,0 +1,49 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + timeout: 5m + chart: + spec: + chart: podinfo + version: '6.5.*' + sourceRef: + kind: HelmRepository + name: podinfo + interval: 5m + releaseName: podinfo + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + test: + enable: true + driftDetection: + mode: enabled + ignore: + - paths: ["/spec/replicas"] + target: + kind: Deployment + values: + replicaCount: 2 +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm install succeeded for release default/podinfo.v1 with + chart podinfo@6.5.4 + observedGeneration: 2 + reason: InstallSucceeded + status: "True" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm install succeeded for release default/podinfo.v1 with + chart podinfo@6.5.4 + observedGeneration: 1 + reason: InstallSucceeded + status: "True" + type: Released diff --git a/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/progressing.yaml b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/progressing.yaml new file mode 100644 index 0000000000000..f6653b2139526 --- /dev/null +++ b/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/testdata/progressing.yaml @@ -0,0 +1,54 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + timeout: 5m + chart: + spec: + chart: podinfo + version: '6.5.*' + sourceRef: + kind: HelmRepository + name: podinfo + interval: 5m + releaseName: podinfo + install: + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + test: + enable: true + driftDetection: + mode: enabled + ignore: + - paths: ["/spec/replicas"] + target: + kind: Deployment + values: + replicaCount: 2 +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Running 'upgrade' action with timeout of 5m0s + observedGeneration: 3 + reason: Progressing + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Running 'upgrade' action with timeout of 5m0s + observedGeneration: 3 + reason: Progressing + status: Unknown + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm install succeeded for release default/podinfo.v1 with + chart podinfo@6.5.4 + observedGeneration: 1 + reason: InstallSucceeded + status: "True" + type: Released diff --git a/resource_customizations/iam.aws.crossplane.io/Policy/health.lua b/resource_customizations/iam.aws.crossplane.io/Policy/health.lua new file mode 100644 index 0000000000000..70af5cb9570c0 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/Policy/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local ready = false + local synced = false + local suspended = false + for i, condition in ipairs(obj.status.conditions) do + + if condition.type == "Ready" then + ready = condition.status == "True" + ready_message = condition.reason + elseif condition.type == "Synced" then + synced = condition.status == "True" + if condition.reason == "ReconcileError" then + synced_message = condition.message + elseif condition.reason == "ReconcilePaused" then + suspended = true + suspended_message = condition.reason + end + end + end + if ready and synced then + hs.status = "Healthy" + hs.message = ready_message + elseif synced == false and suspended == true then + hs.status = "Suspended" + hs.message = suspended_message + elseif ready == false and synced == true and suspended == false then + hs.status = "Progressing" + hs.message = "Waiting for Policy to be available" + else + hs.status = "Degraded" + hs.message = synced_message + end + return hs + end +end + +hs.status = "Progressing" +hs.message = "Waiting for Policy to be created" +return hs diff --git a/resource_customizations/iam.aws.crossplane.io/Policy/health_test.yaml b/resource_customizations/iam.aws.crossplane.io/Policy/health_test.yaml new file mode 100644 index 0000000000000..07244a3f5b8eb --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/Policy/health_test.yaml @@ -0,0 +1,10 @@ +tests: +- healthStatus: + status: Degraded + message: 'observe failed: cannot check if policy is up to date: invalid character + '']'' looking for beginning of value' + inputPath: testdata/ReconcileError.yaml +- healthStatus: + status: Healthy + message: Available + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/iam.aws.crossplane.io/Policy/testdata/ReconcileError.yaml b/resource_customizations/iam.aws.crossplane.io/Policy/testdata/ReconcileError.yaml new file mode 100644 index 0000000000000..4c00dffe0fdb8 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/Policy/testdata/ReconcileError.yaml @@ -0,0 +1,39 @@ +apiVersion: iam.aws.crossplane.io/v1beta1 +kind: Policy +metadata: + name: example +spec: + deletionPolicy: Delete + forProvider: + description: example + document: "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": + \"Allow\",\n \"Action\": [\n \"s3:*\",\n ], \n \"Resource\": + [\n \"arn:aws:s3:::example\"\n ]\n }\n ]\n}\n" + name: example + tags: + - key: crossplane-name + value: example + - key: crossplane-providerconfig + value: provider-aws + - key: crossplane-kind + value: policy.iam.aws.crossplane.io + providerConfigRef: + name: provider-aws +status: + atProvider: + arn: arn:aws:iam::123:policy/example + attachmentCount: 1 + defaultVersionId: v1 + isAttachable: true + policyId: ABC + conditions: + - lastTransitionTime: "2024-07-11T11:01:01Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-11T11:01:01Z" + message: 'observe failed: cannot check if policy is up to date: invalid character + '']'' looking for beginning of value' + reason: ReconcileError + status: "False" + type: Synced diff --git a/resource_customizations/iam.aws.crossplane.io/Policy/testdata/healthy.yaml b/resource_customizations/iam.aws.crossplane.io/Policy/testdata/healthy.yaml new file mode 100644 index 0000000000000..04d8dd8cf1aef --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/Policy/testdata/healthy.yaml @@ -0,0 +1,45 @@ +apiVersion: iam.aws.crossplane.io/v1beta1 +kind: Policy +metadata: + name: example +spec: + deletionPolicy: Delete + forProvider: + description: example + document: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": ["s3:ListBucket"], + "Resource": ["arn:aws:s3:::examples"] + } + ] + } + name: examples-s3-hello-s3 + tags: + - key: crossplane-name + value: example + - key: crossplane-providerconfig + value: provider-aws + - key: crossplane-kind + value: policy.iam.aws.crossplane.io + providerConfigRef: + name: provider-aws +status: + atProvider: + arn: arn:aws:iam::123:policy/examples-s3-hello-s3 + attachmentCount: 1 + defaultVersionId: v2 + isAttachable: true + policyId: 123 + conditions: + - lastTransitionTime: "2024-07-11T08:18:16Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-11T08:18:07Z" + reason: ReconcileSuccess + status: "True" + type: Synced diff --git a/resource_customizations/iam.aws.crossplane.io/Role/health.lua b/resource_customizations/iam.aws.crossplane.io/Role/health.lua new file mode 100644 index 0000000000000..a264c2049d1b5 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/Role/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local ready = false + local synced = false + local suspended = false + for i, condition in ipairs(obj.status.conditions) do + + if condition.type == "Ready" then + ready = condition.status == "True" + ready_message = condition.reason + elseif condition.type == "Synced" then + synced = condition.status == "True" + if condition.reason == "ReconcileError" then + synced_message = condition.message + elseif condition.reason == "ReconcilePaused" then + suspended = true + suspended_message = condition.reason + end + end + end + if ready and synced then + hs.status = "Healthy" + hs.message = ready_message + elseif synced == false and suspended == true then + hs.status = "Suspended" + hs.message = suspended_message + elseif ready == false and synced == true and suspended == false then + hs.status = "Progressing" + hs.message = "Waiting for Role to be available" + else + hs.status = "Degraded" + hs.message = synced_message + end + return hs + end +end + +hs.status = "Progressing" +hs.message = "Waiting for Role to be created" +return hs diff --git a/resource_customizations/iam.aws.crossplane.io/Role/health_test.yaml b/resource_customizations/iam.aws.crossplane.io/Role/health_test.yaml new file mode 100644 index 0000000000000..4e4c93684fef3 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/Role/health_test.yaml @@ -0,0 +1,10 @@ +tests: +- healthStatus: + status: Degraded + message: 'connect failed: cannot get referenced Provider: ProviderConfig.aws.crossplane.io + "provider-aws1" not found' + inputPath: testdata/ReconcileError.yaml +- healthStatus: + status: Healthy + message: Available + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/iam.aws.crossplane.io/Role/testdata/ReconcileError.yaml b/resource_customizations/iam.aws.crossplane.io/Role/testdata/ReconcileError.yaml new file mode 100644 index 0000000000000..6a71e20da4628 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/Role/testdata/ReconcileError.yaml @@ -0,0 +1,54 @@ +apiVersion: iam.aws.crossplane.io/v1beta1 +kind: Role +metadata: + name: example +spec: + deletionPolicy: Delete + forProvider: + assumeRolePolicyDocument: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "", + "Effect": "Allow", + "Principal": { + "Federated": "arn:aws:iam::123:oidc-provider/oidc.eks.eu-north-1.amazonaws.com/id/123ABC" + }, + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "oidc.eks.eu-north-1.amazonaws.com/id/123ABC:sub": "system:serviceaccount:ABC:example", + "oidc.eks.eu-north-1.amazonaws.com/id/123ABC:aud": "sts.amazonaws.com" + } + } + } + ] + } + description: example + maxSessionDuration: 3600 + path: / + tags: + - key: crossplane-kind + value: role.iam.aws.crossplane.io + - key: crossplane-name + value: example + - key: crossplane-providerconfig + value: provider-aws + providerConfigRef: + name: provider-aws1 +status: + atProvider: + arn: arn:aws:iam::123:role/examples-s31 + roleID: ABC123 + conditions: + - lastTransitionTime: "2024-07-11T13:51:47Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-11T13:54:11Z" + message: 'connect failed: cannot get referenced Provider: ProviderConfig.aws.crossplane.io + "provider-aws1" not found' + reason: ReconcileError + status: "False" + type: Synced diff --git a/resource_customizations/iam.aws.crossplane.io/Role/testdata/healthy.yaml b/resource_customizations/iam.aws.crossplane.io/Role/testdata/healthy.yaml new file mode 100644 index 0000000000000..6f4d92cc10af5 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/Role/testdata/healthy.yaml @@ -0,0 +1,52 @@ +apiVersion: iam.aws.crossplane.io/v1beta1 +kind: Role +metadata: + name: example +spec: + deletionPolicy: Delete + forProvider: + assumeRolePolicyDocument: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "", + "Effect": "Allow", + "Principal": { + "Federated": "arn:aws:iam::123:oidc-provider/oidc.eks.eu-north-1.amazonaws.com/id/123ABC" + }, + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "oidc.eks.eu-north-1.amazonaws.com/id/123ABC:sub": "system:serviceaccount:ABC:example", + "oidc.eks.eu-north-1.amazonaws.com/id/123ABC:aud": "sts.amazonaws.com" + } + } + } + ] + } + description: example + maxSessionDuration: 3600 + path: / + tags: + - key: crossplane-kind + value: role.iam.aws.crossplane.io + - key: crossplane-name + value: example + - key: crossplane-providerconfig + value: provider-aws + providerConfigRef: + name: provider-aws +status: + atProvider: + arn: arn:aws:iam::123:role/example + roleID: ABC123 + conditions: + - lastTransitionTime: "2024-07-11T07:49:50Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-11T07:49:49Z" + reason: ReconcileSuccess + status: "True" + type: Synced diff --git a/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health.lua b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health.lua new file mode 100644 index 0000000000000..516c30b36c305 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local ready = false + local synced = false + local suspended = false + for i, condition in ipairs(obj.status.conditions) do + + if condition.type == "Ready" then + ready = condition.status == "True" + ready_message = condition.reason + elseif condition.type == "Synced" then + synced = condition.status == "True" + if condition.reason == "ReconcileError" then + synced_message = condition.message + elseif condition.reason == "ReconcilePaused" then + suspended = true + suspended_message = condition.reason + end + end + end + if ready and synced then + hs.status = "Healthy" + hs.message = ready_message + elseif synced == false and suspended == true then + hs.status = "Suspended" + hs.message = suspended_message + elseif ready == false and synced == true and suspended == false then + hs.status = "Progressing" + hs.message = "Waiting for RolePolicyAttachment to be available" + else + hs.status = "Degraded" + hs.message = synced_message + end + return hs + end +end + +hs.status = "Progressing" +hs.message = "Waiting for RolePolicyAttachment to be created" +return hs diff --git a/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health_test.yaml b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health_test.yaml new file mode 100644 index 0000000000000..1ba7ed049cca4 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health_test.yaml @@ -0,0 +1,10 @@ +tests: +- healthStatus: + status: Degraded + message: 'create failed: failed to attach the policy to role: NoSuchEntity: The + role with name example cannot be found.' + inputPath: testdata/ReconcileError.yaml +- healthStatus: + status: Healthy + message: Available + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/ReconcileError.yaml b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/ReconcileError.yaml new file mode 100644 index 0000000000000..9249805319225 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/ReconcileError.yaml @@ -0,0 +1,25 @@ +apiVersion: iam.aws.crossplane.io/v1beta1 +kind: RolePolicyAttachment +metadata: + name: example +spec: + deletionPolicy: Delete + forProvider: + policyArn: arn:aws:iam::123:policy/example + roleName: example + providerConfigRef: + name: provider-aws +status: + atProvider: + attachedPolicyArn: "" + conditions: + - lastTransitionTime: "2024-07-11T13:44:28Z" + reason: Creating + status: "False" + type: Ready + - lastTransitionTime: "2024-07-11T13:44:28Z" + message: 'create failed: failed to attach the policy to role: NoSuchEntity: The + role with name example cannot be found.' + reason: ReconcileError + status: "False" + type: Synced diff --git a/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/healthy.yaml b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/healthy.yaml new file mode 100644 index 0000000000000..41d4d17a9c415 --- /dev/null +++ b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/healthy.yaml @@ -0,0 +1,23 @@ +apiVersion: iam.aws.crossplane.io/v1beta1 +kind: RolePolicyAttachment +metadata: + name: example +spec: + deletionPolicy: Delete + forProvider: + policyArn: arn:aws:iam::123:policy/example + roleName: example + providerConfigRef: + name: provider-aws +status: + atProvider: + attachedPolicyArn: arn:aws:iam::123:policy/example + conditions: + - lastTransitionTime: "2024-07-11T08:19:17Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-11T08:18:16Z" + reason: ReconcileSuccess + status: "True" + type: Synced diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/health.lua b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/health.lua new file mode 100644 index 0000000000000..688d06f0886ad --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/health.lua @@ -0,0 +1,38 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "False" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + if condition.reason == "NewGeneration" or condition.reason == "AccessingRepository" or condition.reason == "ApplyingPolicy" then + numProgressing = numProgressing + 1 + end + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 1) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/health_test.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/health_test.yaml new file mode 100644 index 0000000000000..0f8d9c4a64541 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: DependencyNotReady + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: DependencyNotReady + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: Succeeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/degraded.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/degraded.yaml new file mode 100644 index 0000000000000..4fcbc4498c045 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/degraded.yaml @@ -0,0 +1,26 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: podinfo + namespace: argocd +spec: + imageRepositoryRef: + name: podinfo-faulty + policy: + semver: + range: x.x.x +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'processing object: new generation 1 -> 2' + observedGeneration: 2 + reason: ProgressingWithRetry + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to get the referred ImageRepository: referenced ImageRepository + does not exist: ImageRepository.image.toolkit.fluxcd.io "podinfo-faulty" not found' + observedGeneration: 2 + reason: DependencyNotReady + status: "False" + type: Ready diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/healthy.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/healthy.yaml new file mode 100644 index 0000000000000..b1fdf01bedb36 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/healthy.yaml @@ -0,0 +1,19 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: podinfo + namespace: argocd +spec: + imageRepositoryRef: + name: podinfo + policy: + semver: + range: x.x.x +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Latest image tag for 'stefanprodan/podinfo' resolved to 5.1.4 + observedGeneration: 1 + reason: Succeeded + status: "True" + type: Ready diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/progressing.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/progressing.yaml new file mode 100644 index 0000000000000..90e71223b3837 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImagePolicy/testdata/progressing.yaml @@ -0,0 +1,13 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: podinfo + namespace: argocd +spec: + imageRepositoryRef: + name: podinfo + policy: + semver: + range: x.x.x +status: + conditions: [] diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/action_test.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/action_test.yaml new file mode 100644 index 0000000000000..69bd3dbb46c06 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_imagerepository.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_imagerepository.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_imagerepository.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_imagerepository.yaml + expectedOutputPath: testdata/reconciled_imagerepository.yaml +- action: suspend + inputPath: testdata/initial_imagerepository.yaml + expectedOutputPath: testdata/suspended_imagerepository.yaml +- action: resume + inputPath: testdata/suspended_imagerepository.yaml + expectedOutputPath: testdata/resumed_imagerepository.yaml diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/discovery.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/reconcile/action.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/resume/action.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/suspend/action.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/initial_imagerepository.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/initial_imagerepository.yaml new file mode 100644 index 0000000000000..c3491a774ca78 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/initial_imagerepository.yaml @@ -0,0 +1,9 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: podinfo + namespace: default +spec: + image: stefanprodan/podinfo + interval: 1h + provider: generic diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/reconciled_imagerepository.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/reconciled_imagerepository.yaml new file mode 100644 index 0000000000000..8d9a0625d67c6 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/reconciled_imagerepository.yaml @@ -0,0 +1,11 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: podinfo + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + image: stefanprodan/podinfo + interval: 1h + provider: generic diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/resumed_imagerepository.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/resumed_imagerepository.yaml new file mode 100644 index 0000000000000..1317a1e58007c --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/resumed_imagerepository.yaml @@ -0,0 +1,10 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: podinfo + namespace: default +spec: + image: stefanprodan/podinfo + interval: 1h + provider: generic + suspend: false diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/suspended_imagerepository.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/suspended_imagerepository.yaml new file mode 100644 index 0000000000000..b7286cd242438 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/actions/testdata/suspended_imagerepository.yaml @@ -0,0 +1,10 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: podinfo + namespace: default +spec: + image: stefanprodan/podinfo + interval: 1h + provider: generic + suspend: true diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/health.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/health.lua new file mode 100644 index 0000000000000..aa65850494c99 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/health.lua @@ -0,0 +1,43 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "False" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + if condition.reason == "NewGeneration" or condition.reason == "Scanning" then + numProgressing = numProgressing + 1 + end + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 1) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/health_test.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/health_test.yaml new file mode 100644 index 0000000000000..22170d09007cd --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: ReadOperationFailed + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: ReadOperationFailed + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: Succeeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/degraded.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/degraded.yaml new file mode 100644 index 0000000000000..ddc47923d3a0a --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/degraded.yaml @@ -0,0 +1,25 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: podinfo + namespace: default +spec: + image: stefanprodan/podinfo-faulty + interval: 1h + provider: generic +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'scanning: new image name' + observedGeneration: 2 + reason: ProgressingWithRetry + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'scan failed: GET https://index.docker.io/v2/stefanprodan/podinfo-faulty/tags/list?n=1000: + UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:stefanprodan/podinfo-faulty + Type:repository]]' + observedGeneration: 2 + reason: ReadOperationFailed + status: "False" + type: Ready diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/healthy.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/healthy.yaml new file mode 100644 index 0000000000000..11ed02af76016 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/healthy.yaml @@ -0,0 +1,17 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: podinfo + namespace: default +spec: + image: stefanprodan/podinfo + interval: 1h + provider: generic +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'successful scan: found 233 tags' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: Ready diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/progressing.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/progressing.yaml new file mode 100644 index 0000000000000..a0ac7d4718100 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageRepository/testdata/progressing.yaml @@ -0,0 +1,11 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: podinfo + namespace: default +spec: + image: stefanprodan/podinfo + interval: 1h + provider: generic +status: + conditions: [] diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/action_test.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/action_test.yaml new file mode 100644 index 0000000000000..c69e51b26a2e4 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_imageupdateautomation.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_imageupdateautomation.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_imageupdateautomation.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_imageupdateautomation.yaml + expectedOutputPath: testdata/reconciled_imageupdateautomation.yaml +- action: suspend + inputPath: testdata/initial_imageupdateautomation.yaml + expectedOutputPath: testdata/suspended_imageupdateautomation.yaml +- action: resume + inputPath: testdata/suspended_imageupdateautomation.yaml + expectedOutputPath: testdata/resumed_imageupdateautomation.yaml diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/discovery.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/reconcile/action.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/resume/action.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/suspend/action.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/initial_imageupdateautomation.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/initial_imageupdateautomation.yaml new file mode 100644 index 0000000000000..049b7be69a583 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/initial_imageupdateautomation.yaml @@ -0,0 +1,19 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageUpdateAutomation +metadata: + name: podinfo-update + namespace: default +spec: + interval: 30m + sourceRef: + kind: GitRepository + name: podinfo + git: + commit: + author: + email: fluxcdbot@users.noreply.github.com + name: fluxcdbot + push: + branch: main + update: + path: ./ diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/reconciled_imageupdateautomation.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/reconciled_imageupdateautomation.yaml new file mode 100644 index 0000000000000..9f39dfdaf7dc7 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/reconciled_imageupdateautomation.yaml @@ -0,0 +1,21 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageUpdateAutomation +metadata: + name: podinfo-update + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + interval: 30m + sourceRef: + kind: GitRepository + name: podinfo + git: + commit: + author: + email: fluxcdbot@users.noreply.github.com + name: fluxcdbot + push: + branch: main + update: + path: ./ diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/resumed_imageupdateautomation.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/resumed_imageupdateautomation.yaml new file mode 100644 index 0000000000000..25bb66e190fe5 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/resumed_imageupdateautomation.yaml @@ -0,0 +1,20 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageUpdateAutomation +metadata: + name: podinfo-update + namespace: default +spec: + interval: 30m + sourceRef: + kind: GitRepository + name: podinfo + git: + commit: + author: + email: fluxcdbot@users.noreply.github.com + name: fluxcdbot + push: + branch: main + suspend: false + update: + path: ./ diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/suspended_imageupdateautomation.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/suspended_imageupdateautomation.yaml new file mode 100644 index 0000000000000..9968fddf35e35 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/actions/testdata/suspended_imageupdateautomation.yaml @@ -0,0 +1,20 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageUpdateAutomation +metadata: + name: podinfo-update + namespace: default +spec: + interval: 30m + sourceRef: + kind: GitRepository + name: podinfo + git: + commit: + author: + email: fluxcdbot@users.noreply.github.com + name: fluxcdbot + push: + branch: main + suspend: true + update: + path: ./ diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/health.lua b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/health.lua new file mode 100644 index 0000000000000..b4f27ab073ec2 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "Unknown" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numProgressing = numProgressing + 1 + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 1) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/health_test.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/health_test.yaml new file mode 100644 index 0000000000000..e9509ef4d8ded --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: Progressing + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: ReconciliationFailed + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: ReconciliationSucceeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/degraded.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/degraded.yaml new file mode 100644 index 0000000000000..8de0cfa46ae10 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/degraded.yaml @@ -0,0 +1,27 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageUpdateAutomation +metadata: + name: podinfo-update + namespace: default +spec: + interval: 30m + sourceRef: + kind: GitRepository + name: podinfo + git: + commit: + author: + email: fluxcdbot@users.noreply.github.com + name: fluxcdbot + push: + branch: main + update: + path: ./ +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'walking path for files: lstat /tmp/deploy: + no such file or directory' + reason: ReconciliationFailed + status: "False" + type: Ready diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/healthy.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/healthy.yaml new file mode 100644 index 0000000000000..970b28a77dbf2 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/healthy.yaml @@ -0,0 +1,26 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageUpdateAutomation +metadata: + name: podinfo-update + namespace: default +spec: + interval: 30m + sourceRef: + kind: GitRepository + name: podinfo + git: + commit: + author: + email: fluxcdbot@users.noreply.github.com + name: fluxcdbot + push: + branch: main + update: + path: ./ +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: no updates made; last commit a1b24e5 at 2024-07-16T12:00:00Z + reason: ReconciliationSucceeded + status: "True" + type: Ready diff --git a/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/progressing.yaml b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/progressing.yaml new file mode 100644 index 0000000000000..72e7e19fd2335 --- /dev/null +++ b/resource_customizations/image.toolkit.fluxcd.io/ImageUpdateAutomation/testdata/progressing.yaml @@ -0,0 +1,21 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageUpdateAutomation +metadata: + name: podinfo-update + namespace: default +spec: + interval: 30m + sourceRef: + kind: GitRepository + name: podinfo + git: + commit: + author: + email: fluxcdbot@users.noreply.github.com + name: fluxcdbot + push: + branch: main + update: + path: ./ +status: + conditions: [] diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/action_test.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/action_test.yaml new file mode 100644 index 0000000000000..da2b9953274da --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_kustomization.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_kustomization.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_kustomization.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_kustomization.yaml + expectedOutputPath: testdata/reconciled_kustomization.yaml +- action: suspend + inputPath: testdata/initial_kustomization.yaml + expectedOutputPath: testdata/suspended_kustomization.yaml +- action: resume + inputPath: testdata/suspended_kustomization.yaml + expectedOutputPath: testdata/resumed_kustomization.yaml diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/discovery.lua b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/reconcile/action.lua b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/resume/action.lua b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/suspend/action.lua b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/initial_kustomization.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/initial_kustomization.yaml new file mode 100644 index 0000000000000..baa2331533a04 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/initial_kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + targetNamespace: default + sourceRef: + kind: GitRepository + name: podinfo + path: "./kustomize" + prune: true + timeout: 1m diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/reconciled_kustomization.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/reconciled_kustomization.yaml new file mode 100644 index 0000000000000..fa3019c176bb2 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/reconciled_kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: podinfo + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + interval: 10m + targetNamespace: default + sourceRef: + kind: GitRepository + name: podinfo + path: "./kustomize" + prune: true + timeout: 1m diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/resumed_kustomization.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/resumed_kustomization.yaml new file mode 100644 index 0000000000000..48bc7baffefbb --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/resumed_kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + targetNamespace: default + sourceRef: + kind: GitRepository + name: podinfo + path: "./kustomize" + prune: true + suspend: false + timeout: 1m diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/suspended_kustomization.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/suspended_kustomization.yaml new file mode 100644 index 0000000000000..b4684ef2d0d56 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/actions/testdata/suspended_kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + targetNamespace: default + sourceRef: + kind: GitRepository + name: podinfo + path: "./kustomize" + prune: true + suspend: true + timeout: 1m diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/health.lua b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/health.lua new file mode 100644 index 0000000000000..b4f27ab073ec2 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "Unknown" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numProgressing = numProgressing + 1 + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 1) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/health_test.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/health_test.yaml new file mode 100644 index 0000000000000..62c520424189c --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: Progressing + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: ArtifactFailed + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: InstallSucceeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/degraded.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/degraded.yaml new file mode 100644 index 0000000000000..6816b329d48e1 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/degraded.yaml @@ -0,0 +1,23 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + targetNamespace: default + sourceRef: + kind: GitRepository + name: podinfo + path: "./kustomize" + prune: true + timeout: 1m +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: GitRepository.source.toolkit.fluxcd.io "podinfo" not found + observedGeneration: 1 + reason: ArtifactFailed + status: "False" + type: Ready + observedGeneration: -1 diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/healthy.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/healthy.yaml new file mode 100644 index 0000000000000..a6fc2fb02fdc6 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/healthy.yaml @@ -0,0 +1,30 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + targetNamespace: default + sourceRef: + kind: GitRepository + name: podinfo + path: "./kustomize" + prune: true + timeout: 1m +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm install succeeded for release default/podinfo.v1 with + chart podinfo@6.5.4 + observedGeneration: 2 + reason: InstallSucceeded + status: "True" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm install succeeded for release default/podinfo.v1 with + chart podinfo@6.5.4 + observedGeneration: 1 + reason: InstallSucceeded + status: "True" + type: Released diff --git a/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/progressing.yaml b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/progressing.yaml new file mode 100644 index 0000000000000..3bfa6e4159b09 --- /dev/null +++ b/resource_customizations/kustomize.toolkit.fluxcd.io/Kustomization/testdata/progressing.yaml @@ -0,0 +1,35 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: podinfo + namespace: default +spec: + interval: 10m + targetNamespace: default + sourceRef: + kind: GitRepository + name: podinfo + path: "./kustomize" + prune: true + timeout: 1m +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Running 'upgrade' action with timeout of 5m0s + observedGeneration: 3 + reason: Progressing + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Running 'upgrade' action with timeout of 5m0s + observedGeneration: 3 + reason: Progressing + status: Unknown + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm install succeeded for release default/podinfo.v1 with + chart podinfo@6.5.4 + observedGeneration: 1 + reason: InstallSucceeded + status: "True" + type: Released diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/health.lua b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/health.lua new file mode 100644 index 0000000000000..caedc1f309fda --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/health.lua @@ -0,0 +1,14 @@ +local hs = {} +if obj.status.status == "Succeeded" then + hs.status = "Healthy" + hs.message = "KeptnWorkloadVersion is healthy" + return hs +end +if obj.status.status == "Failed" then + hs.status = "Degraded" + hs.message = "KeptnWorkloadVersion is degraded" + return hs +end +hs.status = "Progressing" +hs.message = "KeptnWorkloadVersion is progressing" +return hs \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/health_test.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/health_test.yaml new file mode 100644 index 0000000000000..3fbc2bc524968 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: "KeptnWorkloadVersion is progressing" + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: "KeptnWorkloadVersion is degraded" + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: "KeptnWorkloadVersion is healthy" + inputPath: testdata/healthy.yaml \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/degraded.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/degraded.yaml new file mode 100644 index 0000000000000..0df7b8ca4fe08 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/degraded.yaml @@ -0,0 +1,50 @@ +apiVersion: lifecycle.keptn.sh/v1alpha4 +kind: KeptnWorkloadVersion +metadata: + annotations: + traceparent: 00-5050e556a9aaf22814aa689d0518f4d3-cbcff966a6d32c39-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 2 + name: podtato-head-podtato-head-entry-0.2.7 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnWorkload + name: podtato-head-podtato-head-entry + uid: dcafe814-7f9d-4d50-9a66-f61c81bfe764 + resourceVersion: "226253" + uid: 6987404b-c7b9-40f5-95e9-d5aad55a3f3b +spec: + app: podtato-head + resourceReference: + kind: ReplicaSet + name: podtato-head-entry-6fc8964846 + uid: 2b6e44bf-27e3-4305-a9fb-65d2f412936b + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + version: 0.2.7 + workloadName: podtato-head-podtato-head-entry +status: + currentPhase: PreDeployTasks + deploymentStatus: Succeeded + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-ca249d3f6e024547-01 + WorkloadDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3be53185e6024eb4-01 + WorkloadPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0dc305a08a0ccf14-01 + WorkloadPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-4c7cf78cbbc40e14-01 + WorkloadPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-5eed0ec5420cfc89-01 + WorkloadPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-bef05615fc0138ac-01 + postDeploymentEvaluationStatus: Progressing + postDeploymentStatus: Progressing + preDeploymentEvaluationStatus: Failed + preDeploymentStatus: Failed + startTime: "2022-12-14T13:17:57Z" + status: Failed \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/healthy.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/healthy.yaml new file mode 100644 index 0000000000000..b8879f0b29415 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/healthy.yaml @@ -0,0 +1,51 @@ +apiVersion: lifecycle.keptn.sh/v1alpha4 +kind: KeptnWorkloadVersion +metadata: + annotations: + traceparent: 00-5050e556a9aaf22814aa689d0518f4d3-cbcff966a6d32c39-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 2 + name: podtato-head-podtato-head-entry-0.2.7 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnWorkload + name: podtato-head-podtato-head-entry + uid: dcafe814-7f9d-4d50-9a66-f61c81bfe764 + resourceVersion: "226253" + uid: 6987404b-c7b9-40f5-95e9-d5aad55a3f3b +spec: + app: podtato-head + resourceReference: + kind: ReplicaSet + name: podtato-head-entry-6fc8964846 + uid: 2b6e44bf-27e3-4305-a9fb-65d2f412936b + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + version: 0.2.7 + workloadName: podtato-head-podtato-head-entry +status: + currentPhase: Completed + deploymentStatus: Succeeded + endTime: "2022-12-14T13:18:41Z" + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-ca249d3f6e024547-01 + WorkloadDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3be53185e6024eb4-01 + WorkloadPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0dc305a08a0ccf14-01 + WorkloadPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-4c7cf78cbbc40e14-01 + WorkloadPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-5eed0ec5420cfc89-01 + WorkloadPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-bef05615fc0138ac-01 + postDeploymentEvaluationStatus: Succeeded + postDeploymentStatus: Succeeded + preDeploymentEvaluationStatus: Succeeded + preDeploymentStatus: Succeeded + startTime: "2022-12-14T13:17:57Z" + status: Succeeded \ No newline at end of file diff --git a/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/progressing.yaml b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/progressing.yaml new file mode 100644 index 0000000000000..b339bb469a8e6 --- /dev/null +++ b/resource_customizations/lifecycle.keptn.sh/KeptnWorkloadVersion/testdata/progressing.yaml @@ -0,0 +1,50 @@ +apiVersion: lifecycle.keptn.sh/v1alpha4 +kind: KeptnWorkloadVersion +metadata: + annotations: + traceparent: 00-5050e556a9aaf22814aa689d0518f4d3-cbcff966a6d32c39-01 + creationTimestamp: "2022-12-14T13:17:36Z" + generation: 2 + name: podtato-head-podtato-head-entry-0.2.7 + namespace: podtato-kubectl + ownerReferences: + - apiVersion: lifecycle.keptn.sh/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: KeptnWorkload + name: podtato-head-podtato-head-entry + uid: dcafe814-7f9d-4d50-9a66-f61c81bfe764 + resourceVersion: "226253" + uid: 6987404b-c7b9-40f5-95e9-d5aad55a3f3b +spec: + app: podtato-head + resourceReference: + kind: ReplicaSet + name: podtato-head-entry-6fc8964846 + uid: 2b6e44bf-27e3-4305-a9fb-65d2f412936b + traceId: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0ae50f2d844888ab-01 + version: 0.2.7 + workloadName: podtato-head-podtato-head-entry +status: + currentPhase: Completed + deploymentStatus: Succeeded + phaseTraceIDs: + "": + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-ca249d3f6e024547-01 + WorkloadDeploy: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-3be53185e6024eb4-01 + WorkloadPostDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-0dc305a08a0ccf14-01 + WorkloadPostDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-4c7cf78cbbc40e14-01 + WorkloadPreDeployEvaluations: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-5eed0ec5420cfc89-01 + WorkloadPreDeployTasks: + traceparent: 00-ecdd1f5a7e1068ac9b0d044aa165ca4c-bef05615fc0138ac-01 + postDeploymentEvaluationStatus: Progressing + postDeploymentStatus: Progressing + preDeploymentEvaluationStatus: Succeeded + preDeploymentStatus: Succeeded + startTime: "2022-12-14T13:17:57Z" + status: Progressing \ No newline at end of file diff --git a/resource_customizations/metrics.keptn.sh/Analysis/health.lua b/resource_customizations/metrics.keptn.sh/Analysis/health.lua new file mode 100644 index 0000000000000..449ccb3505d4c --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/Analysis/health.lua @@ -0,0 +1,19 @@ +local hs = {} +if obj.status.pass == true then + hs.status = "Healthy" + hs.message = "Analysis is healthy" + return hs +end +if obj.status.warning == true then + hs.status = "Healthy" + hs.message = "Analysis is healthy with warnings" + return hs +end +if obj.status.pass == false then + hs.status = "Degraded" + hs.message = "Analysis is degraded" + return hs +end +hs.status = "Progressing" +hs.message = "Analysis is progressing" +return hs diff --git a/resource_customizations/metrics.keptn.sh/Analysis/health_test.yaml b/resource_customizations/metrics.keptn.sh/Analysis/health_test.yaml new file mode 100644 index 0000000000000..945d2c9058ba4 --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/Analysis/health_test.yaml @@ -0,0 +1,17 @@ +tests: + - healthStatus: + status: Progressing + message: "Analysis is progressing" + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: "Analysis is degraded" + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: "Analysis is healthy" + inputPath: testdata/healthy_pass.yaml + - healthStatus: + status: Healthy + message: "Analysis is healthy with warnings" + inputPath: testdata/healthy_warning.yaml diff --git a/resource_customizations/metrics.keptn.sh/Analysis/testdata/degraded.yaml b/resource_customizations/metrics.keptn.sh/Analysis/testdata/degraded.yaml new file mode 100644 index 0000000000000..b79dce0184b5e --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/Analysis/testdata/degraded.yaml @@ -0,0 +1,24 @@ +apiVersion: metrics.keptn.sh/v1 +kind: Analysis +metadata: + labels: + app.kubernetes.io/name: analysis + app.kubernetes.io/instance: analysis-sample + app.kubernetes.io/part-of: metrics-operator + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: metrics-operator + name: analysis-sample +spec: + timeframe: + recent: 5m + args: + project: my-project + stage: dev + service: svc1 + nodename: test + analysisDefinition: + name: ad-my-proj-dev-svc1 + namespace: keptn-system +status: + pass: false + state: Completed diff --git a/resource_customizations/metrics.keptn.sh/Analysis/testdata/healthy_pass.yaml b/resource_customizations/metrics.keptn.sh/Analysis/testdata/healthy_pass.yaml new file mode 100644 index 0000000000000..17c04d9e9f265 --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/Analysis/testdata/healthy_pass.yaml @@ -0,0 +1,24 @@ +apiVersion: metrics.keptn.sh/v1 +kind: Analysis +metadata: + labels: + app.kubernetes.io/name: analysis + app.kubernetes.io/instance: analysis-sample + app.kubernetes.io/part-of: metrics-operator + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: metrics-operator + name: analysis-sample +spec: + timeframe: + recent: 5m + args: + project: my-project + stage: dev + service: svc1 + nodename: test + analysisDefinition: + name: ad-my-proj-dev-svc1 + namespace: keptn-system +status: + pass: true + state: Completed diff --git a/resource_customizations/metrics.keptn.sh/Analysis/testdata/healthy_warning.yaml b/resource_customizations/metrics.keptn.sh/Analysis/testdata/healthy_warning.yaml new file mode 100644 index 0000000000000..81eed8af49949 --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/Analysis/testdata/healthy_warning.yaml @@ -0,0 +1,24 @@ +apiVersion: metrics.keptn.sh/v1 +kind: Analysis +metadata: + labels: + app.kubernetes.io/name: analysis + app.kubernetes.io/instance: analysis-sample + app.kubernetes.io/part-of: metrics-operator + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: metrics-operator + name: analysis-sample +spec: + timeframe: + recent: 5m + args: + project: my-project + stage: dev + service: svc1 + nodename: test + analysisDefinition: + name: ad-my-proj-dev-svc1 + namespace: keptn-system +status: + warning: true + state: Completed diff --git a/resource_customizations/metrics.keptn.sh/Analysis/testdata/progressing.yaml b/resource_customizations/metrics.keptn.sh/Analysis/testdata/progressing.yaml new file mode 100644 index 0000000000000..cd42e73b64471 --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/Analysis/testdata/progressing.yaml @@ -0,0 +1,23 @@ +apiVersion: metrics.keptn.sh/v1 +kind: Analysis +metadata: + labels: + app.kubernetes.io/name: analysis + app.kubernetes.io/instance: analysis-sample + app.kubernetes.io/part-of: metrics-operator + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: metrics-operator + name: analysis-sample +spec: + timeframe: + recent: 5m + args: + project: my-project + stage: dev + service: svc1 + nodename: test + analysisDefinition: + name: ad-my-proj-dev-svc1 + namespace: keptn-system +status: + state: Progressing diff --git a/resource_customizations/metrics.keptn.sh/KeptnMetric/health.lua b/resource_customizations/metrics.keptn.sh/KeptnMetric/health.lua new file mode 100644 index 0000000000000..0275f503c4ce2 --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/KeptnMetric/health.lua @@ -0,0 +1,14 @@ +local hs = {} +if (obj.status.errMsg == nil or obj.status.errMsg == "") and obj.status.value ~= nil then + hs.status = "Healthy" + hs.message = "KeptnMetric is healthy" + return hs +end +if obj.status.errMsg ~= nil and obj.status.errMsg ~= "" then + hs.status = "Degraded" + hs.message = "KeptnMetric is degraded" + return hs +end +hs.status = "Progressing" +hs.message = "KeptnMetric is progressing" +return hs diff --git a/resource_customizations/metrics.keptn.sh/KeptnMetric/health_test.yaml b/resource_customizations/metrics.keptn.sh/KeptnMetric/health_test.yaml new file mode 100644 index 0000000000000..0f170f6f5f846 --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/KeptnMetric/health_test.yaml @@ -0,0 +1,17 @@ +tests: + - healthStatus: + status: Progressing + message: "KeptnMetric is progressing" + inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: "KeptnMetric is degraded" + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: "KeptnMetric is healthy" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Healthy + message: "KeptnMetric is healthy" + inputPath: testdata/healthy_empty_error.yaml diff --git a/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/degraded.yaml b/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/degraded.yaml new file mode 100644 index 0000000000000..cdd429bb8224b --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/degraded.yaml @@ -0,0 +1,24 @@ +apiVersion: metrics.keptn.sh/v1 +kind: KeptnMetric +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"metrics.keptn.sh/v1","kind":"KeptnMetric","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"podtato-head"},"name":"available-cpus","namespace":"podtato-kubectl"},"spec":{"fetchIntervalSeconds":10,"provider":{"name":"my-provider"},"query":"sum(kube_node_status_capacity{resource='cpu'})"}} + creationTimestamp: '2024-07-16T07:34:42Z' + generation: 1 + labels: + app.kubernetes.io/instance: podtato-head + name: available-cpus + namespace: podtato-kubectl + resourceVersion: '405403' + uid: c448a014-b6b6-45a4-91ff-89949b9d0fce +spec: + fetchIntervalSeconds: 10 + provider: + name: my-provider + query: sum(kube_node_status_capacity{resource='cpu'}) +status: + errMsg: >- + Post "http://prometheus-k8s.monitoring.svc.cluster.local:9090/api/v1/query": + dial tcp: lookup prometheus-k8s.monitoring.svc.cluster.local on + lastUpdated: '2024-07-23T12:49:44Z' diff --git a/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/healthy.yaml b/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/healthy.yaml new file mode 100644 index 0000000000000..2c5ecad045350 --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/healthy.yaml @@ -0,0 +1,22 @@ +apiVersion: metrics.keptn.sh/v1 +kind: KeptnMetric +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"metrics.keptn.sh/v1","kind":"KeptnMetric","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"podtato-head"},"name":"available-cpus","namespace":"podtato-kubectl"},"spec":{"fetchIntervalSeconds":10,"provider":{"name":"my-provider"},"query":"sum(kube_node_status_capacity{resource='cpu'})"}} + creationTimestamp: '2024-07-16T07:34:42Z' + generation: 1 + labels: + app.kubernetes.io/instance: podtato-head + name: available-cpus + namespace: podtato-kubectl + resourceVersion: '405403' + uid: c448a014-b6b6-45a4-91ff-89949b9d0fce +spec: + fetchIntervalSeconds: 10 + provider: + name: my-provider + query: sum(kube_node_status_capacity{resource='cpu'}) +status: + value: '100' + lastUpdated: '2024-07-23T12:49:44Z' diff --git a/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/healthy_empty_error.yaml b/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/healthy_empty_error.yaml new file mode 100644 index 0000000000000..758ccf9170a2a --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/healthy_empty_error.yaml @@ -0,0 +1,23 @@ +apiVersion: metrics.keptn.sh/v1 +kind: KeptnMetric +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"metrics.keptn.sh/v1","kind":"KeptnMetric","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"podtato-head"},"name":"available-cpus","namespace":"podtato-kubectl"},"spec":{"fetchIntervalSeconds":10,"provider":{"name":"my-provider"},"query":"sum(kube_node_status_capacity{resource='cpu'})"}} + creationTimestamp: '2024-07-16T07:34:42Z' + generation: 1 + labels: + app.kubernetes.io/instance: podtato-head + name: available-cpus + namespace: podtato-kubectl + resourceVersion: '405403' + uid: c448a014-b6b6-45a4-91ff-89949b9d0fce +spec: + fetchIntervalSeconds: 10 + provider: + name: my-provider + query: sum(kube_node_status_capacity{resource='cpu'}) +status: + errMsg: "" + value: 100 + lastUpdated: '2024-07-23T12:49:44Z' diff --git a/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/progressing.yaml b/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/progressing.yaml new file mode 100644 index 0000000000000..71f219fbae7b4 --- /dev/null +++ b/resource_customizations/metrics.keptn.sh/KeptnMetric/testdata/progressing.yaml @@ -0,0 +1,21 @@ +apiVersion: metrics.keptn.sh/v1 +kind: KeptnMetric +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"metrics.keptn.sh/v1","kind":"KeptnMetric","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"podtato-head"},"name":"available-cpus","namespace":"podtato-kubectl"},"spec":{"fetchIntervalSeconds":10,"provider":{"name":"my-provider"},"query":"sum(kube_node_status_capacity{resource='cpu'})"}} + creationTimestamp: '2024-07-16T07:34:42Z' + generation: 1 + labels: + app.kubernetes.io/instance: podtato-head + name: available-cpus + namespace: podtato-kubectl + resourceVersion: '405403' + uid: c448a014-b6b6-45a4-91ff-89949b9d0fce +spec: + fetchIntervalSeconds: 10 + provider: + name: my-provider + query: sum(kube_node_status_capacity{resource='cpu'}) +status: + lastUpdated: '2024-07-23T12:49:44Z' diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/action_test.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/action_test.yaml new file mode 100644 index 0000000000000..acb19fbfce785 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/action_test.yaml @@ -0,0 +1,26 @@ +discoveryTests: +- inputPath: testdata/initial_alert.yaml + result: + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_alert.yaml + result: + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_alert.yaml + result: + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: suspend + inputPath: testdata/initial_alert.yaml + expectedOutputPath: testdata/suspended_alert.yaml +- action: resume + inputPath: testdata/suspended_alert.yaml + expectedOutputPath: testdata/resumed_alert.yaml diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/discovery.lua b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/discovery.lua new file mode 100644 index 0000000000000..f4c659d3d0f9c --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/discovery.lua @@ -0,0 +1,16 @@ +local actions = {} + +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/resume/action.lua b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/suspend/action.lua b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/initial_alert.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/initial_alert.yaml new file mode 100644 index 0000000000000..37ddc069c82f4 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/initial_alert.yaml @@ -0,0 +1,15 @@ +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Alert +metadata: + name: slack + namespace: flux-system +spec: + summary: "Cluster addons impacted in us-east-2" + providerRef: + name: slack-bot + eventSeverity: error + eventSources: + - kind: GitRepository + name: '*' + - kind: Kustomization + name: '*' diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/resumed_alert.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/resumed_alert.yaml new file mode 100644 index 0000000000000..3a0a57ff5b258 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/resumed_alert.yaml @@ -0,0 +1,16 @@ +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Alert +metadata: + name: slack + namespace: flux-system +spec: + summary: "Cluster addons impacted in us-east-2" + providerRef: + name: slack-bot + eventSeverity: error + eventSources: + - kind: GitRepository + name: '*' + - kind: Kustomization + name: '*' + suspend: false diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/suspended_alert.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/suspended_alert.yaml new file mode 100644 index 0000000000000..8f416896bc1ec --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Alert/actions/testdata/suspended_alert.yaml @@ -0,0 +1,16 @@ +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Alert +metadata: + name: slack + namespace: flux-system +spec: + summary: "Cluster addons impacted in us-east-2" + providerRef: + name: slack-bot + eventSeverity: error + eventSources: + - kind: GitRepository + name: '*' + - kind: Kustomization + name: '*' + suspend: true diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/action_test.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/action_test.yaml new file mode 100644 index 0000000000000..4438d3ed13020 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/action_test.yaml @@ -0,0 +1,26 @@ +discoveryTests: +- inputPath: testdata/initial_provider.yaml + result: + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_provider.yaml + result: + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_provider.yaml + result: + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: suspend + inputPath: testdata/initial_provider.yaml + expectedOutputPath: testdata/suspended_provider.yaml +- action: resume + inputPath: testdata/suspended_provider.yaml + expectedOutputPath: testdata/resumed_provider.yaml diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/discovery.lua b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/discovery.lua new file mode 100644 index 0000000000000..f4c659d3d0f9c --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/discovery.lua @@ -0,0 +1,16 @@ +local actions = {} + +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/resume/action.lua b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/suspend/action.lua b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/initial_provider.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/initial_provider.yaml new file mode 100644 index 0000000000000..d53ecd3697b08 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/initial_provider.yaml @@ -0,0 +1,11 @@ +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Provider +metadata: + name: slack-bot + namespace: flagger-system +spec: + type: slack + channel: general + address: https://slack.com/api/chat.postMessage + secretRef: + name: slack-bot-token diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/resumed_provider.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/resumed_provider.yaml new file mode 100644 index 0000000000000..684589b3bc45b --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/resumed_provider.yaml @@ -0,0 +1,12 @@ +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Provider +metadata: + name: slack-bot + namespace: flagger-system +spec: + type: slack + channel: general + address: https://slack.com/api/chat.postMessage + secretRef: + name: slack-bot-token + suspend: false diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/suspended_provider.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/suspended_provider.yaml new file mode 100644 index 0000000000000..330e3a6116755 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Provider/actions/testdata/suspended_provider.yaml @@ -0,0 +1,12 @@ +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Provider +metadata: + name: slack-bot + namespace: flagger-system +spec: + type: slack + channel: general + address: https://slack.com/api/chat.postMessage + secretRef: + name: slack-bot-token + suspend: true diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/action_test.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/action_test.yaml new file mode 100644 index 0000000000000..eff2eff163846 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_receiver.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_receiver.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_receiver.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_receiver.yaml + expectedOutputPath: testdata/reconciled_receiver.yaml +- action: suspend + inputPath: testdata/initial_receiver.yaml + expectedOutputPath: testdata/suspended_receiver.yaml +- action: resume + inputPath: testdata/suspended_receiver.yaml + expectedOutputPath: testdata/resumed_receiver.yaml diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/discovery.lua b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/reconcile/action.lua b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/resume/action.lua b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/suspend/action.lua b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/initial_receiver.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/initial_receiver.yaml new file mode 100644 index 0000000000000..fa00d3e65de3e --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/initial_receiver.yaml @@ -0,0 +1,16 @@ +apiVersion: notification.toolkit.fluxcd.io/v1 +kind: Receiver +metadata: + name: github-receiver + namespace: flux-system +spec: + type: github + events: + - "ping" + - "push" + secretRef: + name: receiver-token + resources: + - apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + name: flux-system diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/reconciled_receiver.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/reconciled_receiver.yaml new file mode 100644 index 0000000000000..90594de5b3331 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/reconciled_receiver.yaml @@ -0,0 +1,18 @@ +apiVersion: notification.toolkit.fluxcd.io/v1 +kind: Receiver +metadata: + name: github-receiver + namespace: flux-system + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + type: github + events: + - "ping" + - "push" + secretRef: + name: receiver-token + resources: + - apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + name: flux-system diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/resumed_receiver.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/resumed_receiver.yaml new file mode 100644 index 0000000000000..660d1cb0aed68 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/resumed_receiver.yaml @@ -0,0 +1,17 @@ +apiVersion: notification.toolkit.fluxcd.io/v1 +kind: Receiver +metadata: + name: github-receiver + namespace: flux-system +spec: + type: github + events: + - "ping" + - "push" + secretRef: + name: receiver-token + suspend: false + resources: + - apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + name: flux-system diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/suspended_receiver.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/suspended_receiver.yaml new file mode 100644 index 0000000000000..b24fe8dda9aab --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/actions/testdata/suspended_receiver.yaml @@ -0,0 +1,17 @@ +apiVersion: notification.toolkit.fluxcd.io/v1 +kind: Receiver +metadata: + name: github-receiver + namespace: flux-system +spec: + type: github + events: + - "ping" + - "push" + secretRef: + name: receiver-token + suspend: true + resources: + - apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + name: flux-system diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/health.lua b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/health.lua new file mode 100644 index 0000000000000..1586e9d50c8b5 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numFailing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "False" then + numFailing = numFailing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numFailing = numFailing + 1 + end + end + if(numFailing == 2) then + hs.message = message + hs.status = "Degraded" + return hs + elseif(numSucceeded == 1) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/health_test.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/health_test.yaml new file mode 100644 index 0000000000000..7e4d4ea018273 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: Progressing + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: TokenNotFound + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: InstallSucceeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/degraded.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/degraded.yaml new file mode 100644 index 0000000000000..ba42fb102c85c --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/degraded.yaml @@ -0,0 +1,31 @@ +apiVersion: notification.toolkit.fluxcd.io/v1 +kind: Receiver +metadata: + name: github-receiver + namespace: flux-system +spec: + type: github + events: + - "ping" + - "push" + secretRef: + name: receiver-token + resources: + - apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + name: flux-system +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Reconciliation in progress + observedGeneration: 1 + reason: ProgressingWithRetry + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'unable to read token from secret ''flux-system/receiver-token'' error: + secrets "receiver-token" not found' + observedGeneration: 1 + reason: TokenNotFound + status: "False" + type: Ready diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/healthy.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/healthy.yaml new file mode 100644 index 0000000000000..7b99499e98419 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/healthy.yaml @@ -0,0 +1,32 @@ +apiVersion: notification.toolkit.fluxcd.io/v1 +kind: Receiver +metadata: + name: github-receiver + namespace: flux-system +spec: + type: github + events: + - "ping" + - "push" + secretRef: + name: receiver-token + resources: + - apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + name: flux-system +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm install succeeded for release flux-system/github-receiver.v1 with + chart podinfo@6.5.4 + observedGeneration: 2 + reason: InstallSucceeded + status: "True" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: Helm install succeeded for release flux-system/github-receiver.v1 with + chart podinfo@6.5.4 + observedGeneration: 1 + reason: InstallSucceeded + status: "True" + type: Released diff --git a/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/progressing.yaml b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/progressing.yaml new file mode 100644 index 0000000000000..78dccc33b7536 --- /dev/null +++ b/resource_customizations/notification.toolkit.fluxcd.io/Receiver/testdata/progressing.yaml @@ -0,0 +1,18 @@ +apiVersion: notification.toolkit.fluxcd.io/v1 +kind: Receiver +metadata: + name: github-receiver + namespace: flux-system +spec: + type: github + events: + - "ping" + - "push" + secretRef: + name: receiver-token + resources: + - apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + name: flux-system +status: + conditions: [] diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health.lua b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health.lua new file mode 100644 index 0000000000000..1bcd2892b4160 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health.lua @@ -0,0 +1,32 @@ +local hs = {} +local healthyCondition = {} + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" then + healthyCondition = condition + end + end + end + + if obj.metadata.generation == obj.status.observedGeneration then + if (healthyCondition ~= {} and healthyCondition.status == "False" and (obj.metadata.generation == healthyCondition.observedGeneration) and healthyCondition.reason == "ISBSvcFailed") or obj.status.phase == "Failed" then + hs.status = "Degraded" + if obj.status.phase == "Failed" then + hs.message = obj.status.message + else + hs.message = healthyCondition.message + end + return hs + elseif healthyCondition ~= {} and healthyCondition.status == "True" and (obj.metadata.generation == healthyCondition.observedGeneration) and obj.status.phase == "Deployed" then + hs.status = "Healthy" + hs.message = healthyCondition.message + return hs + end + end +end + +hs.status = "Progressing" +hs.message = "Waiting for ISBService status" +return hs \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health_test.yaml b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health_test.yaml new file mode 100644 index 0000000000000..b0b683266c6eb --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for ISBService status" + inputPath: testdata/progressing.yaml +- healthStatus: + status: Healthy + message: "Successful" + inputPath: testdata/healthy.yaml +- healthStatus: + status: Degraded + message: "ISBService Failed" + inputPath: testdata/degraded.yaml +- healthStatus: + status: Progressing + message: "Waiting for ISBService status" + inputPath: testdata/progressing-nostatus.yaml +- healthStatus: + status: Progressing + message: "Waiting for ISBService status" + inputPath: testdata/progressing-reason.yaml \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/degraded.yaml b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/degraded.yaml new file mode 100644 index 0000000000000..56429f44a13c6 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/degraded.yaml @@ -0,0 +1,40 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: ISBServiceRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '2' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"ISBServiceRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"2"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-isbsvc","namespace":"demo-app"},"spec":{"interStepBufferService":{"jetstream":{"persistence":{"volumeSize":"1Gi"},"version":"degraded"}}}} + creationTimestamp: '2024-07-12T20:56:22Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 6 + labels: + argocd.argoproj.io/instance: demo-app + name: my-isbsvc + namespace: demo-app + resourceVersion: '5515640' + uid: 0a364143-ddfb-4bb8-9a61-b17b7954de4b +spec: + interStepBufferService: + jetstream: + persistence: + volumeSize: 1Gi + version: degraded +status: + conditions: + - lastTransitionTime: '2024-07-15T22:38:02Z' + message: Successful + observedGeneration: 6 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-15T22:38:02Z' + message: ISBService Failed + observedGeneration: 6 + reason: ISBSvcFailed + status: 'False' + type: ChildResourcesHealthy + message: Deployed + observedGeneration: 6 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/healthy.yaml b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/healthy.yaml new file mode 100644 index 0000000000000..1ae59573cfffa --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/healthy.yaml @@ -0,0 +1,39 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: ISBServiceRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '2' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"ISBServiceRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"2"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-isbsvc","namespace":"demo-app"},"spec":{"interStepBufferService":{"jetstream":{"persistence":{"volumeSize":"1Gi"},"version":"latest"}}}} + creationTimestamp: '2024-07-12T20:56:22Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-isbsvc + namespace: demo-app + resourceVersion: '5455982' + uid: 0a364143-ddfb-4bb8-9a61-b17b7954de4b +spec: + interStepBufferService: + jetstream: + persistence: + volumeSize: 1Gi + version: latest +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:23Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:23Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing-nostatus.yaml b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing-nostatus.yaml new file mode 100644 index 0000000000000..3a886da092714 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing-nostatus.yaml @@ -0,0 +1,23 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: ISBServiceRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '2' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"ISBServiceRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"2"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-isbsvc","namespace":"demo-app"},"spec":{"interStepBufferService":{"jetstream":{"persistence":{"volumeSize":"1Gi"},"version":"latest"}}}} + creationTimestamp: '2024-07-12T20:56:22Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 2 + labels: + argocd.argoproj.io/instance: demo-app + name: my-isbsvc + namespace: demo-app + resourceVersion: '5455982' + uid: 0a364143-ddfb-4bb8-9a61-b17b7954de4b +spec: + interStepBufferService: + jetstream: + persistence: + volumeSize: 1Gi + version: latest \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing-reason.yaml b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing-reason.yaml new file mode 100644 index 0000000000000..07dd50dc20d21 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing-reason.yaml @@ -0,0 +1,39 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: ISBServiceRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '2' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"ISBServiceRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"2"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-isbsvc","namespace":"demo-app"},"spec":{"interStepBufferService":{"jetstream":{"persistence":{"volumeSize":"1Gi"},"version":"latest"}}}} + creationTimestamp: '2024-07-12T20:56:22Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-isbsvc + namespace: demo-app + resourceVersion: '5455982' + uid: 0a364143-ddfb-4bb8-9a61-b17b7954de4b +spec: + interStepBufferService: + jetstream: + persistence: + volumeSize: 1Gi + version: latest +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:23Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:23Z' + message: Progressing + observedGeneration: 1 + reason: Progressing + status: 'False' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing.yaml b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing.yaml new file mode 100644 index 0000000000000..af9d3d0062433 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/progressing.yaml @@ -0,0 +1,39 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: ISBServiceRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '2' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"ISBServiceRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"2"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-isbsvc","namespace":"demo-app"},"spec":{"interStepBufferService":{"jetstream":{"persistence":{"volumeSize":"1Gi"},"version":"latest"}}}} + creationTimestamp: '2024-07-12T20:56:22Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 2 + labels: + argocd.argoproj.io/instance: demo-app + name: my-isbsvc + namespace: demo-app + resourceVersion: '5455982' + uid: 0a364143-ddfb-4bb8-9a61-b17b7954de4b +spec: + interStepBufferService: + jetstream: + persistence: + volumeSize: 1Gi + version: latest +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:23Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:23Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health.lua b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health.lua new file mode 100644 index 0000000000000..2e221a7323649 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health.lua @@ -0,0 +1,32 @@ +local hs = {} +local healthyCondition = {} + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" then + healthyCondition = condition + end + end + end + + if obj.metadata.generation == obj.status.observedGeneration then + if (healthyCondition ~= {} and healthyCondition.status == "False" and (obj.metadata.generation == healthyCondition.observedGeneration) and healthyCondition.reason == "MonoVertexFailed") or obj.status.phase == "Failed" then + hs.status = "Degraded" + if obj.status.phase == "Failed" then + hs.message = obj.status.message + else + hs.message = healthyCondition.message + end + return hs + elseif healthyCondition ~= {} and healthyCondition.status == "True" and (obj.metadata.generation == healthyCondition.observedGeneration) and obj.status.phase == "Deployed" then + hs.status = "Healthy" + hs.message = healthyCondition.message + return hs + end + end +end + +hs.status = "Progressing" +hs.message = "Waiting for MonoVertex status" +return hs \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health_test.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health_test.yaml new file mode 100644 index 0000000000000..aee12b9ceb9c3 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health_test.yaml @@ -0,0 +1,17 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for MonoVertex status" + inputPath: testdata/progressing.yaml +- healthStatus: + status: Healthy + message: "Successful" + inputPath: testdata/healthy.yaml +- healthStatus: + status: Degraded + message: "MonoVertex Failed" + inputPath: testdata/degraded.yaml +- healthStatus: + status: Progressing + message: "Waiting for MonoVertex status" + inputPath: testdata/progressing-reason.yaml \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/degraded.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/degraded.yaml new file mode 100644 index 0000000000000..a6eedc9419f41 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/degraded.yaml @@ -0,0 +1,47 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: MonoVertexRollout +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"MonoVertexRollout","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-monovertex","namespace":"example-namespace"},"spec":{"monoVertex":{"spec":{"sink":{"udsink":{"container":{"image":"quay.io/numaio/numaflow-java/simple-sink:stable"}}},"source":{"transformer":{"container":{"image":"quay.io/numaio/numaflow-rs/source-transformer-now:stable"}},"udsource":{"container":{"image":"quay.io/numaio/numaflow-java/source-simple-source:stable"}}}}}}} + creationTimestamp: '2024-08-21T20:44:18Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-monovertex + namespace: example-namespace + resourceVersion: '947414' + uid: a63f377e-1500-437e-9267-579f4a790518 +spec: + monoVertex: + spec: + sink: + udsink: + container: + image: 'bad-image' + source: + transformer: + container: + image: 'quay.io/numaio/numaflow-rs/source-transformer-now:stable' + udsource: + container: + image: 'quay.io/numaio/numaflow-java/source-simple-source:stable' +status: + conditions: + - lastTransitionTime: '2024-08-21T20:44:18Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-08-22T21:10:23Z' + message: MonoVertex Failed + observedGeneration: 1 + reason: MonoVertexFailed + status: 'False' + type: ChildResourcesHealthy + message: Deployed + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/healthy.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/healthy.yaml new file mode 100644 index 0000000000000..ee9d76c826dc4 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/healthy.yaml @@ -0,0 +1,47 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: MonoVertexRollout +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"MonoVertexRollout","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-monovertex","namespace":"example-namespace"},"spec":{"monoVertex":{"spec":{"sink":{"udsink":{"container":{"image":"quay.io/numaio/numaflow-java/simple-sink:stable"}}},"source":{"transformer":{"container":{"image":"quay.io/numaio/numaflow-rs/source-transformer-now:stable"}},"udsource":{"container":{"image":"quay.io/numaio/numaflow-java/source-simple-source:stable"}}}}}}} + creationTimestamp: '2024-08-21T20:44:18Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-monovertex + namespace: example-namespace + resourceVersion: '947414' + uid: a63f377e-1500-437e-9267-579f4a790518 +spec: + monoVertex: + spec: + sink: + udsink: + container: + image: 'quay.io/numaio/numaflow-java/simple-sink:stable' + source: + transformer: + container: + image: 'quay.io/numaio/numaflow-rs/source-transformer-now:stable' + udsource: + container: + image: 'quay.io/numaio/numaflow-java/source-simple-source:stable' +status: + conditions: + - lastTransitionTime: '2024-08-21T20:44:18Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-08-22T21:10:23Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + message: Deployed + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/progressing-reason.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/progressing-reason.yaml new file mode 100644 index 0000000000000..3b147417e04d3 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/progressing-reason.yaml @@ -0,0 +1,47 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: MonoVertexRollout +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"MonoVertexRollout","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-monovertex","namespace":"example-namespace"},"spec":{"monoVertex":{"spec":{"sink":{"udsink":{"container":{"image":"quay.io/numaio/numaflow-java/simple-sink:stable"}}},"source":{"transformer":{"container":{"image":"quay.io/numaio/numaflow-rs/source-transformer-now:stable"}},"udsource":{"container":{"image":"quay.io/numaio/numaflow-java/source-simple-source:stable"}}}}}}} + creationTimestamp: '2024-08-21T20:44:18Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-monovertex + namespace: example-namespace + resourceVersion: '947414' + uid: a63f377e-1500-437e-9267-579f4a790518 +spec: + monoVertex: + spec: + sink: + udsink: + container: + image: 'quay.io/numaio/numaflow-java/simple-sink:stable' + source: + transformer: + container: + image: 'quay.io/numaio/numaflow-rs/source-transformer-now:stable' + udsource: + container: + image: 'quay.io/numaio/numaflow-java/source-simple-source:stable' +status: + conditions: + - lastTransitionTime: '2024-08-21T20:44:18Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-08-22T21:10:23Z' + message: Progressing + observedGeneration: 1 + reason: Progressing + status: 'False' + type: ChildResourcesHealthy + message: Deployed + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/progressing.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/progressing.yaml new file mode 100644 index 0000000000000..14ebed98a3a85 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/progressing.yaml @@ -0,0 +1,47 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: MonoVertexRollout +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"MonoVertexRollout","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-monovertex","namespace":"example-namespace"},"spec":{"monoVertex":{"spec":{"sink":{"udsink":{"container":{"image":"quay.io/numaio/numaflow-java/simple-sink:stable"}}},"source":{"transformer":{"container":{"image":"quay.io/numaio/numaflow-rs/source-transformer-now:stable"}},"udsource":{"container":{"image":"quay.io/numaio/numaflow-java/source-simple-source:stable"}}}}}}} + creationTimestamp: '2024-08-21T20:44:18Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 2 + labels: + argocd.argoproj.io/instance: demo-app + name: my-monovertex + namespace: example-namespace + resourceVersion: '947414' + uid: a63f377e-1500-437e-9267-579f4a790518 +spec: + monoVertex: + spec: + sink: + udsink: + container: + image: 'quay.io/numaio/numaflow-java/simple-sink:stable' + source: + transformer: + container: + image: 'quay.io/numaio/numaflow-rs/source-transformer-now:stable' + udsource: + container: + image: 'quay.io/numaio/numaflow-java/source-simple-source:stable' +status: + conditions: + - lastTransitionTime: '2024-08-21T20:44:18Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-08-22T21:10:23Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + message: Deployed + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health.lua b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health.lua new file mode 100644 index 0000000000000..9ff005740f6e8 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health.lua @@ -0,0 +1,32 @@ +local hs = {} +local healthyCondition = {} + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" then + healthyCondition = condition + end + end + end + + if obj.metadata.generation == obj.status.observedGeneration then + if (healthyCondition ~= {} and healthyCondition.status == "False" and (obj.metadata.generation == healthyCondition.observedGeneration) and healthyCondition.reason == "Degraded") or obj.status.phase == "Failed" then + hs.status = "Degraded" + if obj.status.phase == "Failed" then + hs.message = obj.status.message + else + hs.message = healthyCondition.message + end + return hs + elseif healthyCondition ~= {} and healthyCondition.status == "True" and (obj.metadata.generation == healthyCondition.observedGeneration) and obj.status.phase == "Deployed" then + hs.status = "Healthy" + hs.message = healthyCondition.message + return hs + end + end +end + +hs.status = "Progressing" +hs.message = "Waiting for NumaflowController status" +return hs \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health_test.yaml b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health_test.yaml new file mode 100644 index 0000000000000..30bb880f2d38a --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health_test.yaml @@ -0,0 +1,17 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for NumaflowController status" + inputPath: testdata/progressing.yaml +- healthStatus: + status: Healthy + message: "Successful" + inputPath: testdata/healthy.yaml +- healthStatus: + status: Degraded + message: "no controller definition found for version degraded" + inputPath: testdata/degraded.yaml +- healthStatus: + status: Progressing + message: "Waiting for NumaflowController status" + inputPath: testdata/progressing-reason.yaml \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/degraded.yaml b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/degraded.yaml new file mode 100644 index 0000000000000..4fa21c3195893 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/degraded.yaml @@ -0,0 +1,35 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: NumaflowControllerRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '1' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"NumaflowControllerRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"1"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"numaflow-controller","namespace":"demo-app"},"spec":{"controller":{"version":"xxx"}}} + creationTimestamp: '2024-07-12T20:56:20Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 4 + labels: + argocd.argoproj.io/instance: demo-app + name: numaflow-controller + namespace: demo-app + resourceVersion: '5514384' + uid: 904ab9bb-953e-4979-a124-5c92e8e25147 +spec: + controller: + version: degraded +status: + conditions: + - lastTransitionTime: '2024-07-15T22:29:52Z' + message: '' + reason: Unknown + status: Unknown + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-15T22:29:52Z' + message: '' + reason: Unknown + status: Unknown + type: ChildResourcesHealthy + message: no controller definition found for version degraded + observedGeneration: 4 + phase: Failed diff --git a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/healthy.yaml b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/healthy.yaml new file mode 100644 index 0000000000000..1efc00714e37b --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/healthy.yaml @@ -0,0 +1,36 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: NumaflowControllerRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '1' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"NumaflowControllerRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"1"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"numaflow-controller","namespace":"demo-app"},"spec":{"controller":{"version":"1.2.1"}}} + creationTimestamp: '2024-07-12T20:56:20Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: numaflow-controller + namespace: demo-app + resourceVersion: '5456204' + uid: 904ab9bb-953e-4979-a124-5c92e8e25147 +spec: + controller: + version: 1.2.1 +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:26Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:26Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed diff --git a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/progressing-reason.yaml b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/progressing-reason.yaml new file mode 100644 index 0000000000000..e3c55cefc2c66 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/progressing-reason.yaml @@ -0,0 +1,36 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: NumaflowControllerRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '1' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"NumaflowControllerRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"1"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"numaflow-controller","namespace":"demo-app"},"spec":{"controller":{"version":"1.2.1"}}} + creationTimestamp: '2024-07-12T20:56:20Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: numaflow-controller + namespace: demo-app + resourceVersion: '5456204' + uid: 904ab9bb-953e-4979-a124-5c92e8e25147 +spec: + controller: + version: 1.2.1 +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:26Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:26Z' + message: Progressing + observedGeneration: 1 + reason: Progressing + status: 'False' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/progressing.yaml b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/progressing.yaml new file mode 100644 index 0000000000000..e6c000df9d48a --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/testdata/progressing.yaml @@ -0,0 +1,36 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: NumaflowControllerRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '1' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"NumaflowControllerRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"1"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"numaflow-controller","namespace":"demo-app"},"spec":{"controller":{"version":"1.2.1"}}} + creationTimestamp: '2024-07-12T20:56:20Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 2 + labels: + argocd.argoproj.io/instance: demo-app + name: numaflow-controller + namespace: demo-app + resourceVersion: '5456204' + uid: 904ab9bb-953e-4979-a124-5c92e8e25147 +spec: + controller: + version: 1.2.1 +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:26Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:26Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/health.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/health.lua new file mode 100644 index 0000000000000..649cbb643d7f9 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/health.lua @@ -0,0 +1,40 @@ +local hs = {} +local healthyCondition = {} +local pipelinePaused = {} + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" then + healthyCondition = condition + end + if condition.type == "PipelinePausingOrPaused" then + pipelinePaused = condition + end + end + end + + if obj.metadata.generation == obj.status.observedGeneration then + if (healthyCondition ~= {} and healthyCondition.status == "False" and (obj.metadata.generation == healthyCondition.observedGeneration) and healthyCondition.reason == "PipelineFailed") or obj.status.phase == "Failed" then + hs.status = "Degraded" + if obj.status.phase == "Failed" then + hs.message = obj.status.message + else + hs.message = healthyCondition.message + end + return hs + elseif (pipelinePaused ~= {} and pipelinePaused.status == "True") and (obj.metadata.generation == pipelinePaused.observedGeneration) then + hs.status = "Suspended" + hs.message = pipelinePaused.message + return hs + elseif (healthyCondition ~= {} and healthyCondition.status == "True") and (obj.metadata.generation == healthyCondition.observedGeneration) and obj.status.phase == "Deployed" then + hs.status = "Healthy" + hs.message = healthyCondition.message + return hs + end + end +end + +hs.status = "Progressing" +hs.message = "Waiting for Pipeline status" +return hs \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/health_test.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/health_test.yaml new file mode 100644 index 0000000000000..99274d213992b --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for Pipeline status" + inputPath: testdata/progressing.yaml +- healthStatus: + status: Healthy + message: "Successful" + inputPath: testdata/healthy.yaml +- healthStatus: + status: Suspended + message: "Pipeline paused" + inputPath: testdata/paused.yaml +- healthStatus: + status: Degraded + message: "Pipeline Failed" + inputPath: testdata/degraded.yaml +- healthStatus: + status: Progressing + message: "Waiting for Pipeline status" + inputPath: testdata/progressing-reason.yaml \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/degraded.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/degraded.yaml new file mode 100644 index 0000000000000..81da0cb4ad8d8 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/degraded.yaml @@ -0,0 +1,59 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: PipelineRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '3' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"PipelineRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"3"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-other-pipeline","namespace":"demo-app"},"spec":{"pipeline":{"edges":[{"from":"in","to":"cat"},{"from":"cat","to":"out"},{"from":"cat","to":"out2"}],"interStepBufferServiceName":"my-isbsvc","vertices":[{"name":"in","source":{"generator":{"duration":"15s","rpu":5}}},{"name":"cat","udf":{"builtin":{"name":"cat"}}},{"name":"out","sink":{"log":{}}},{"name":"out2","sink":{"log":{}}}]}}} + creationTimestamp: '2024-07-12T20:56:24Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-other-pipeline + namespace: demo-app + resourceVersion: '5456110' + uid: 472d6284-b2d9-45ee-a159-fd4c3ad08d8c +spec: + pipeline: + edges: + - from: in + to: cat + - from: cat + to: out + - from: cat + to: out2 + interStepBufferServiceName: my-isbsvc + vertices: + - name: in + source: + generator: + duration: 15s + rpu: 5 + # - name: cat + # udf: + # builtin: + # name: cat + - name: out + sink: + log: {} + - name: out2 + sink: + log: {} +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:24Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:24Z' + message: Pipeline Failed + observedGeneration: 1 + reason: PipelineFailed + status: 'False' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/healthy.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/healthy.yaml new file mode 100644 index 0000000000000..842ef30e57889 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/healthy.yaml @@ -0,0 +1,59 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: PipelineRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '3' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"PipelineRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"3"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-other-pipeline","namespace":"demo-app"},"spec":{"pipeline":{"edges":[{"from":"in","to":"cat"},{"from":"cat","to":"out"},{"from":"cat","to":"out2"}],"interStepBufferServiceName":"my-isbsvc","vertices":[{"name":"in","source":{"generator":{"duration":"15s","rpu":5}}},{"name":"cat","udf":{"builtin":{"name":"cat"}}},{"name":"out","sink":{"log":{}}},{"name":"out2","sink":{"log":{}}}]}}} + creationTimestamp: '2024-07-12T20:56:24Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-other-pipeline + namespace: demo-app + resourceVersion: '5456110' + uid: 472d6284-b2d9-45ee-a159-fd4c3ad08d8c +spec: + pipeline: + edges: + - from: in + to: cat + - from: cat + to: out + - from: cat + to: out2 + interStepBufferServiceName: my-isbsvc + vertices: + - name: in + source: + generator: + duration: 15s + rpu: 5 + - name: cat + udf: + builtin: + name: cat + - name: out + sink: + log: {} + - name: out2 + sink: + log: {} +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:24Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:24Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/paused.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/paused.yaml new file mode 100644 index 0000000000000..8bd209bbfb2ea --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/paused.yaml @@ -0,0 +1,65 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: PipelineRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '3' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"PipelineRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"3"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-other-pipeline","namespace":"demo-app"},"spec":{"pipeline":{"edges":[{"from":"in","to":"cat"},{"from":"cat","to":"out"},{"from":"cat","to":"out2"}],"interStepBufferServiceName":"my-isbsvc","vertices":[{"name":"in","source":{"generator":{"duration":"15s","rpu":5}}},{"name":"cat","udf":{"builtin":{"name":"cat"}}},{"name":"out","sink":{"log":{}}},{"name":"out2","sink":{"log":{}}}]}}} + creationTimestamp: '2024-07-12T20:56:24Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-other-pipeline + namespace: demo-app + resourceVersion: '5458594' + uid: 472d6284-b2d9-45ee-a159-fd4c3ad08d8c +spec: + pipeline: + edges: + - from: in + to: cat + - from: cat + to: out + - from: cat + to: out2 + interStepBufferServiceName: my-isbsvc + vertices: + - name: in + source: + generator: + duration: 15s + rpu: 5 + - name: cat + udf: + builtin: + name: cat + - name: out + sink: + log: {} + - name: out2 + sink: + log: {} +status: + conditions: + - lastTransitionTime: '2024-07-12T21:14:18Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T21:14:18Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + - lastTransitionTime: '2024-07-12T21:14:17Z' + message: Pipeline paused + observedGeneration: 1 + reason: Paused + status: 'True' + type: PipelinePausingOrPaused + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/progressing-reason.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/progressing-reason.yaml new file mode 100644 index 0000000000000..5ec81c30145b3 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/progressing-reason.yaml @@ -0,0 +1,59 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: PipelineRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '3' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"PipelineRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"3"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-other-pipeline","namespace":"demo-app"},"spec":{"pipeline":{"edges":[{"from":"in","to":"cat"},{"from":"cat","to":"out"},{"from":"cat","to":"out2"}],"interStepBufferServiceName":"my-isbsvc","vertices":[{"name":"in","source":{"generator":{"duration":"15s","rpu":5}}},{"name":"cat","udf":{"builtin":{"name":"cat"}}},{"name":"out","sink":{"log":{}}},{"name":"out2","sink":{"log":{}}}]}}} + creationTimestamp: '2024-07-12T20:56:24Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 1 + labels: + argocd.argoproj.io/instance: demo-app + name: my-other-pipeline + namespace: demo-app + resourceVersion: '5456110' + uid: 472d6284-b2d9-45ee-a159-fd4c3ad08d8c +spec: + pipeline: + edges: + - from: in + to: cat + - from: cat + to: out + - from: cat + to: out2 + interStepBufferServiceName: my-isbsvc + vertices: + - name: in + source: + generator: + duration: 15s + rpu: 5 + - name: cat + udf: + builtin: + name: cat + - name: out + sink: + log: {} + - name: out2 + sink: + log: {} +status: + conditions: + - lastTransitionTime: '2024-07-12T20:56:24Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T20:56:24Z' + message: Progressing + observedGeneration: 1 + reason: Progressing + status: 'False' + type: ChildResourcesHealthy + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/progressing.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/progressing.yaml new file mode 100644 index 0000000000000..a161254fb0b8e --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/progressing.yaml @@ -0,0 +1,61 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: PipelineRollout +metadata: + annotations: + argocd.argoproj.io/sync-wave: '3' + kubectl.kubernetes.io/last-applied-configuration: > + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"PipelineRollout","metadata":{"annotations":{"argocd.argoproj.io/sync-wave":"3"},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-other-pipeline","namespace":"demo-app"},"spec":{"pipeline":{"edges":[{"from":"in","to":"cat"},{"from":"cat","to":"out"},{"from":"cat","to":"out2"}],"interStepBufferServiceName":"my-isbsvc","vertices":[{"name":"in","source":{"generator":{"duration":"15s","rpu":5}}},{"name":"out","sink":{"log":{}}},{"name":"out2","sink":{"log":{}}}]}}} + creationTimestamp: '2024-07-12T20:56:24Z' + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 2 + labels: + argocd.argoproj.io/instance: demo-app + name: my-other-pipeline + namespace: demo-app + resourceVersion: '5461141' + uid: 472d6284-b2d9-45ee-a159-fd4c3ad08d8c +spec: + pipeline: + edges: + - from: in + to: cat + - from: cat + to: out + - from: cat + to: out2 + interStepBufferServiceName: my-isbsvc + vertices: + - name: in + source: + generator: + duration: 15s + rpu: 5 + - name: out + sink: + log: {} + - name: out2 + sink: + log: {} +status: + conditions: + - lastTransitionTime: '2024-07-12T21:31:03Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourceDeployed + - lastTransitionTime: '2024-07-12T21:31:03Z' + message: Successful + observedGeneration: 1 + reason: Successful + status: 'True' + type: ChildResourcesHealthy + - lastTransitionTime: '2024-07-12T21:14:17Z' + message: '' + observedGeneration: 1 + reason: Paused + status: 'True' + type: PipelinePausingOrPaused + observedGeneration: 1 + phase: Deployed \ No newline at end of file diff --git a/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/health.lua b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/health.lua new file mode 100644 index 0000000000000..03cb9181447b7 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/health.lua @@ -0,0 +1,15 @@ +hs = {} +if obj.status == nil or obj.status.compliant == nil then + hs.status = "Progressing" + hs.message = "Waiting for the status to be reported" + return hs +end +if obj.status.compliant == "Compliant" then + hs.status = "Healthy" + hs.message = "All certificates found comply with the policy" + return hs +else + hs.status = "Degraded" + hs.message = "At least once certificate does not comply with the policy" + return hs +end diff --git a/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/health_test.yaml b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/health_test.yaml new file mode 100644 index 0000000000000..017ce9ba50e60 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: Waiting for the status to be reported + inputPath: testdata/progressing_no_status.yaml + - healthStatus: + status: Degraded + message: At least once certificate does not comply with the policy + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: All certificates found comply with the policy + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/degraded.yaml b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/degraded.yaml new file mode 100644 index 0000000000000..4d44b3ad88d6e --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/degraded.yaml @@ -0,0 +1,34 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: CertificatePolicy +metadata: + name: policy-certificate + namespace: local-cluster +spec: + minimumDuration: 3000h + namespaceSelector: + exclude: + - kube-* + include: + - default + - cert-manager-operator + remediationAction: inform + severity: low +status: + compliancyDetails: + cert-manager-operator: + message: | + Found 1 non compliant certificates in the namespace cert-manager-operator. + List of non compliant certificates: + ca-root-secret expires in 2159h53m40.509362797s + nonCompliantCertificates: 1 + nonCompliantCertificatesList: + ca-root-secret: + ca: true + duration: 7776000000000000 + expiration: 2159h53m40.509362797s + expiry: 7775620509362797 + secretName: ca-root-secret + default: + message: | + Found 0 non compliant certificates in the namespace default. + compliant: NonCompliant diff --git a/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/healthy.yaml b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/healthy.yaml new file mode 100644 index 0000000000000..8e999cf937ffd --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/healthy.yaml @@ -0,0 +1,24 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: CertificatePolicy +metadata: + name: policy-certificate + namespace: local-cluster +spec: + minimumDuration: 300h + namespaceSelector: + exclude: + - kube-* + include: + - default + - cert-manager-operator + remediationAction: inform + severity: low +status: + compliancyDetails: + cert-manager-operator: + message: | + Found 0 non compliant certificates in the namespace cert-manager-operator. + default: + message: | + Found 0 non compliant certificates in the namespace default. + compliant: Compliant diff --git a/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/progressing_no_status.yaml b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/progressing_no_status.yaml new file mode 100644 index 0000000000000..5cb54c6075bb3 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/CertificatePolicy/testdata/progressing_no_status.yaml @@ -0,0 +1,15 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: CertificatePolicy +metadata: + name: policy-certificate + namespace: local-cluster +spec: + minimumDuration: 300h + namespaceSelector: + exclude: + - kube-* + include: + - default + - cert-manager-operator + remediationAction: inform + severity: low diff --git a/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/health.lua b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/health.lua new file mode 100644 index 0000000000000..5a4f936faa7c5 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/health.lua @@ -0,0 +1,33 @@ +hs = {} +if obj.status == nil or obj.status.compliant == nil then + hs.status = "Progressing" + hs.message = "Waiting for the status to be reported" + return hs +end +if obj.status.lastEvaluatedGeneration ~= obj.metadata.generation then + hs.status = "Progressing" + hs.message = "Waiting for the status to be updated" + return hs +end +if obj.status.compliant == "Compliant" then + hs.status = "Healthy" +else + hs.status = "Degraded" +end +if obj.status.compliancyDetails ~= nil then + messages = {} + for i, compliancy in ipairs(obj.status.compliancyDetails) do + if compliancy.conditions ~= nil then + for i, condition in ipairs(compliancy.conditions) do + if condition.message ~= nil and condition.type ~= nil then + table.insert(messages, condition.type .. " - " .. condition.message) + end + end + end + end + hs.message = table.concat(messages, "; ") + return hs +end +hs.status = "Progressing" +hs.message = "Waiting for compliance" +return hs diff --git a/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/health_test.yaml b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/health_test.yaml new file mode 100644 index 0000000000000..7eb34bbea2889 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/health_test.yaml @@ -0,0 +1,27 @@ +tests: + - healthStatus: + status: Progressing + message: Waiting for the status to be reported + inputPath: testdata/progressing_no_status.yaml + - healthStatus: + status: Degraded + message: >- + violation - namespaces [argo-example] not found; violation - namespaces + [argo-example-2] not found + inputPath: testdata/degraded.yaml + - healthStatus: + status: Progressing + message: Waiting for the status to be updated + inputPath: testdata/progressing.yaml + - healthStatus: + status: Healthy + message: >- + notification - namespaces [argo-example] was created successfully; + notification - namespaces [argo-example-2] was created successfully + inputPath: testdata/healthy_created.yaml + - healthStatus: + status: Healthy + message: >- + notification - namespaces [argo-example] found as specified; + notification - namespaces [argo-example-2] found as specified + inputPath: testdata/healthy_found.yaml diff --git a/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/degraded.yaml b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/degraded.yaml new file mode 100644 index 0000000000000..407c0e54620d2 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/degraded.yaml @@ -0,0 +1,61 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: ConfigurationPolicy +metadata: + name: policy-namespace + generation: 2 + namespace: local-cluster +spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + recreateOption: None + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + recreateOption: None + pruneObjectBehavior: None + remediationAction: inform + severity: low +status: + compliancyDetails: + - Compliant: NonCompliant + Validity: {} + conditions: + - lastTransitionTime: '2024-07-29T16:34:29Z' + message: 'namespaces [argo-example] not found' + reason: K8s does not have a `must have` object + status: 'True' + type: violation + - Compliant: NonCompliant + Validity: {} + conditions: + - lastTransitionTime: '2024-07-29T16:39:00Z' + message: 'namespaces [argo-example-2] not found' + reason: K8s does not have a `must have` object + status: 'True' + type: violation + compliant: NonCompliant + lastEvaluated: '2024-07-29T16:39:18Z' + lastEvaluatedGeneration: 2 + relatedObjects: + - compliant: NonCompliant + object: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + reason: Resource not found but should exist + - compliant: NonCompliant + object: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + reason: Resource not found but should exist diff --git a/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/healthy_created.yaml b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/healthy_created.yaml new file mode 100644 index 0000000000000..36d5034053374 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/healthy_created.yaml @@ -0,0 +1,67 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: ConfigurationPolicy +metadata: + name: policy-namespace + generation: 3 + namespace: local-cluster +spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + recreateOption: None + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + recreateOption: None + pruneObjectBehavior: None + remediationAction: enforce + severity: low +status: + compliancyDetails: + - Compliant: Compliant + Validity: {} + conditions: + - lastTransitionTime: '2024-07-29T16:58:50Z' + message: 'namespaces [argo-example] was created successfully' + reason: K8s creation success + status: 'True' + type: notification + - Compliant: Compliant + Validity: {} + conditions: + - lastTransitionTime: '2024-07-29T16:58:50Z' + message: 'namespaces [argo-example-2] was created successfully' + reason: K8s creation success + status: 'True' + type: notification + compliant: Compliant + lastEvaluated: '2024-07-29T16:58:50Z' + lastEvaluatedGeneration: 3 + relatedObjects: + - compliant: Compliant + object: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + properties: + createdByPolicy: true + uid: 782f50ee-4fa9-41d6-900e-66d9eaf8b111 + reason: K8s creation success + - compliant: Compliant + object: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + properties: + createdByPolicy: true + uid: ce34051f-a0dc-4db2-9f8f-64cc9223d4d7 + reason: K8s creation success diff --git a/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/healthy_found.yaml b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/healthy_found.yaml new file mode 100644 index 0000000000000..8975989c09529 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/healthy_found.yaml @@ -0,0 +1,67 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: ConfigurationPolicy +metadata: + name: policy-namespace + generation: 3 + namespace: local-cluster +spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + recreateOption: None + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + recreateOption: None + pruneObjectBehavior: None + remediationAction: enforce + severity: low +status: + compliancyDetails: + - Compliant: Compliant + Validity: {} + conditions: + - lastTransitionTime: '2024-07-29T16:58:59Z' + message: 'namespaces [argo-example] found as specified' + reason: K8s `must have` object already exists + status: 'True' + type: notification + - Compliant: Compliant + Validity: {} + conditions: + - lastTransitionTime: '2024-07-29T16:58:59Z' + message: 'namespaces [argo-example-2] found as specified' + reason: K8s `must have` object already exists + status: 'True' + type: notification + compliant: Compliant + lastEvaluated: '2024-07-29T16:59:26Z' + lastEvaluatedGeneration: 3 + relatedObjects: + - compliant: Compliant + object: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + properties: + createdByPolicy: true + uid: 782f50ee-4fa9-41d6-900e-66d9eaf8b111 + reason: Resource found as expected + - compliant: Compliant + object: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + properties: + createdByPolicy: true + uid: ce34051f-a0dc-4db2-9f8f-64cc9223d4d7 + reason: Resource found as expected diff --git a/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/progressing.yaml b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/progressing.yaml new file mode 100644 index 0000000000000..1b2cd4860ea08 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/progressing.yaml @@ -0,0 +1,61 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: ConfigurationPolicy +metadata: + name: policy-namespace + generation: 3 + namespace: local-cluster +spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + recreateOption: None + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + recreateOption: None + pruneObjectBehavior: None + remediationAction: enforce + severity: low +status: + compliancyDetails: + - Compliant: NonCompliant + Validity: {} + conditions: + - lastTransitionTime: '2024-07-29T16:34:29Z' + message: 'namespaces [argo-example] not found' + reason: K8s does not have a `must have` object + status: 'True' + type: violation + - Compliant: NonCompliant + Validity: {} + conditions: + - lastTransitionTime: '2024-07-29T16:39:00Z' + message: 'namespaces [argo-example-2] not found' + reason: K8s does not have a `must have` object + status: 'True' + type: violation + compliant: NonCompliant + lastEvaluated: '2024-07-29T16:39:18Z' + lastEvaluatedGeneration: 2 + relatedObjects: + - compliant: NonCompliant + object: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + reason: Resource not found but should exist + - compliant: NonCompliant + object: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + reason: Resource not found but should exist diff --git a/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/progressing_no_status.yaml b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/progressing_no_status.yaml new file mode 100644 index 0000000000000..1e43ce59ef121 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/ConfigurationPolicy/testdata/progressing_no_status.yaml @@ -0,0 +1,25 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: ConfigurationPolicy +metadata: + name: policy-namespace + generation: 2 + namespace: local-cluster +spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example + recreateOption: None + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: argo-example-2 + recreateOption: None + pruneObjectBehavior: None + remediationAction: inform + severity: low diff --git a/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/health.lua b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/health.lua new file mode 100644 index 0000000000000..de8ed51192143 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/health.lua @@ -0,0 +1,26 @@ +hs = {} +if obj.status == nil or obj.status.conditions == nil then + hs.status = "Progressing" + hs.message = "Waiting for the status to be reported" + return hs +end +if obj.status.observedGeneration ~= nil and obj.status.observedGeneration ~= obj.metadata.generation then + hs.status = "Progressing" + hs.message = "Waiting for the status to be updated" + return hs +end +for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Compliant" then + hs.message = condition.message + if condition.status == "True" then + hs.status = "Healthy" + return hs + else + hs.status = "Degraded" + return hs + end + end +end +hs.status = "Progressing" +hs.message = "Waiting for the compliance condition" +return hs diff --git a/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/health_test.yaml b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/health_test.yaml new file mode 100644 index 0000000000000..4c28366631eae --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/health_test.yaml @@ -0,0 +1,48 @@ +tests: + - healthStatus: + status: Progressing + message: Waiting for the status to be reported + inputPath: testdata/progressing_no_status.yaml + - healthStatus: + status: Degraded + message: >- + NonCompliant; the policy spec is valid, the policy does not specify an + OperatorGroup but one already exists in the namespace - assuming that + OperatorGroup is correct, the Subscription required by the policy was + not found, there are no relevant InstallPlans in the namespace, the + ClusterServiceVersion required by the policy was not found, no CRDs were + found for the operator, there are no relevant deployments because the + ClusterServiceVersion is missing, CatalogSource was found + inputPath: testdata/degraded.yaml + - healthStatus: + status: Progressing + message: Waiting for the status to be updated + inputPath: testdata/progressing_old_generation.yaml + - healthStatus: + status: Progressing + message: Waiting for the compliance condition + inputPath: testdata/progressing_no_compliance.yaml + - healthStatus: + status: Healthy + message: >- + Compliant; the policy spec is valid, the policy does not specify an + OperatorGroup but one already exists in the namespace - assuming that + OperatorGroup is correct, the Subscription matches what is required by + the policy, no InstallPlans requiring approval were found, + ClusterServiceVersion (argocd-operator.v0.11.0) - install strategy + completed with no errors, there are CRDs present for the operator, all + operator Deployments have their minimum availability, CatalogSource was + found + inputPath: testdata/healthy_no_generation.yaml + - healthStatus: + status: Healthy + message: >- + Compliant; the policy spec is valid, the policy does not specify an + OperatorGroup but one already exists in the namespace - assuming that + OperatorGroup is correct, the Subscription matches what is required by + the policy, no InstallPlans requiring approval were found, + ClusterServiceVersion (argocd-operator.v0.11.0) - install strategy + completed with no errors, there are CRDs present for the operator, all + operator Deployments have their minimum availability, CatalogSource was + found + inputPath: testdata/healthy_with_generation.yaml diff --git a/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/degraded.yaml b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/degraded.yaml new file mode 100644 index 0000000000000..1256bc25586bc --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/degraded.yaml @@ -0,0 +1,69 @@ +apiVersion: policy.open-cluster-management.io/v1beta1 +kind: OperatorPolicy +metadata: + name: install-argocd + generation: 1 + namespace: local-cluster +spec: + complianceConfig: + catalogSourceUnhealthy: Compliant + deploymentsUnavailable: NonCompliant + upgradesAvailable: Compliant + complianceType: musthave + remediationAction: inform + removalBehavior: + clusterServiceVersions: Delete + customResourceDefinitions: Keep + operatorGroups: DeleteIfUnused + subscriptions: Delete + severity: high + subscription: + channel: alpha + name: argocd-operator + source: community-operators + sourceNamespace: openshift-marketplace + upgradeApproval: None + versions: [] +status: + compliant: NonCompliant + conditions: + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: CatalogSource was found + reason: CatalogSourcesFound + status: 'False' + type: CatalogSourcesUnhealthy + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: >- + NonCompliant; the policy spec is valid, the policy does not specify an + OperatorGroup but one already exists in the namespace - assuming that + OperatorGroup is correct, the Subscription required by the policy was + not found, there are no relevant InstallPlans in the namespace, the + ClusterServiceVersion required by the policy was not found, no CRDs were + found for the operator, there are no relevant deployments because the + ClusterServiceVersion is missing, CatalogSource was found + reason: NonCompliant + status: 'False' + type: Compliant + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: the Subscription required by the policy was not found + reason: SubscriptionMissing + status: 'False' + type: SubscriptionCompliant + relatedObjects: + - compliant: Compliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: CatalogSource + metadata: + name: community-operators + namespace: openshift-marketplace + reason: Resource found as expected + - compliant: NonCompliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: argocd-operator + namespace: openshift-operators + reason: Resource not found but should exist + resolvedSubscriptionLabel: argocd-operator.openshift-operators diff --git a/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/healthy_no_generation.yaml b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/healthy_no_generation.yaml new file mode 100644 index 0000000000000..39feedba5149b --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/healthy_no_generation.yaml @@ -0,0 +1,73 @@ +apiVersion: policy.open-cluster-management.io/v1beta1 +kind: OperatorPolicy +metadata: + name: install-argocd + generation: 2 + namespace: local-cluster +spec: + complianceConfig: + catalogSourceUnhealthy: Compliant + deploymentsUnavailable: NonCompliant + upgradesAvailable: Compliant + complianceType: musthave + remediationAction: enforce + removalBehavior: + clusterServiceVersions: Delete + customResourceDefinitions: Keep + operatorGroups: DeleteIfUnused + subscriptions: Delete + severity: high + subscription: + channel: alpha + name: argocd-operator + source: community-operators + sourceNamespace: openshift-marketplace + upgradeApproval: Automatic + versions: [] +status: + compliant: Compliant + conditions: + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: CatalogSource was found + reason: CatalogSourcesFound + status: 'False' + type: CatalogSourcesUnhealthy + - lastTransitionTime: '2024-07-29T15:48:20Z' + message: >- + Compliant; the policy spec is valid, the policy does not specify an + OperatorGroup but one already exists in the namespace - assuming that + OperatorGroup is correct, the Subscription matches what is required by + the policy, no InstallPlans requiring approval were found, + ClusterServiceVersion (argocd-operator.v0.11.0) - install strategy + completed with no errors, there are CRDs present for the operator, all + operator Deployments have their minimum availability, CatalogSource was + found + reason: Compliant + status: 'True' + type: Compliant + - lastTransitionTime: '2024-07-29T15:47:45Z' + message: the Subscription matches what is required by the policy + reason: SubscriptionMatches + status: 'True' + type: SubscriptionCompliant + relatedObjects: + - compliant: Compliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: CatalogSource + metadata: + name: community-operators + namespace: openshift-marketplace + reason: Resource found as expected + - compliant: Compliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: argocd-operator + namespace: openshift-operators + properties: + createdByPolicy: true + uid: f3e6d8a7-eb73-4b29-b804-bf4609d2f7fb + reason: Resource found as expected + resolvedSubscriptionLabel: argocd-operator.openshift-operators diff --git a/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/healthy_with_generation.yaml b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/healthy_with_generation.yaml new file mode 100644 index 0000000000000..07d45c229b979 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/healthy_with_generation.yaml @@ -0,0 +1,74 @@ +apiVersion: policy.open-cluster-management.io/v1beta1 +kind: OperatorPolicy +metadata: + name: install-argocd + generation: 2 + namespace: local-cluster +spec: + complianceConfig: + catalogSourceUnhealthy: Compliant + deploymentsUnavailable: NonCompliant + upgradesAvailable: Compliant + complianceType: musthave + remediationAction: enforce + removalBehavior: + clusterServiceVersions: Delete + customResourceDefinitions: Keep + operatorGroups: DeleteIfUnused + subscriptions: Delete + severity: high + subscription: + channel: alpha + name: argocd-operator + source: community-operators + sourceNamespace: openshift-marketplace + upgradeApproval: Automatic + versions: [] +status: + compliant: Compliant + conditions: + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: CatalogSource was found + reason: CatalogSourcesFound + status: 'False' + type: CatalogSourcesUnhealthy + - lastTransitionTime: '2024-07-29T15:48:20Z' + message: >- + Compliant; the policy spec is valid, the policy does not specify an + OperatorGroup but one already exists in the namespace - assuming that + OperatorGroup is correct, the Subscription matches what is required by + the policy, no InstallPlans requiring approval were found, + ClusterServiceVersion (argocd-operator.v0.11.0) - install strategy + completed with no errors, there are CRDs present for the operator, all + operator Deployments have their minimum availability, CatalogSource was + found + reason: Compliant + status: 'True' + type: Compliant + - lastTransitionTime: '2024-07-29T15:47:45Z' + message: the Subscription matches what is required by the policy + reason: SubscriptionMatches + status: 'True' + type: SubscriptionCompliant + observedGeneration: 2 + relatedObjects: + - compliant: Compliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: CatalogSource + metadata: + name: community-operators + namespace: openshift-marketplace + reason: Resource found as expected + - compliant: Compliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: argocd-operator + namespace: openshift-operators + properties: + createdByPolicy: true + uid: f3e6d8a7-eb73-4b29-b804-bf4609d2f7fb + reason: Resource found as expected + resolvedSubscriptionLabel: argocd-operator.openshift-operators diff --git a/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_no_compliance.yaml b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_no_compliance.yaml new file mode 100644 index 0000000000000..fdd7596aeb3c9 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_no_compliance.yaml @@ -0,0 +1,61 @@ +apiVersion: policy.open-cluster-management.io/v1beta1 +kind: OperatorPolicy +metadata: + name: install-argocd + generation: 2 + namespace: local-cluster +spec: + complianceConfig: + catalogSourceUnhealthy: Compliant + deploymentsUnavailable: NonCompliant + upgradesAvailable: Compliant + complianceType: musthave + remediationAction: enforce + removalBehavior: + clusterServiceVersions: Delete + customResourceDefinitions: Keep + operatorGroups: DeleteIfUnused + subscriptions: Delete + severity: high + subscription: + channel: alpha + name: argocd-operator + source: community-operators + sourceNamespace: openshift-marketplace + upgradeApproval: Automatic + versions: [] +status: + compliant: Compliant + conditions: + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: CatalogSource was found + reason: CatalogSourcesFound + status: 'False' + type: CatalogSourcesUnhealthy + - lastTransitionTime: '2024-07-29T15:47:45Z' + message: the Subscription matches what is required by the policy + reason: SubscriptionMatches + status: 'True' + type: SubscriptionCompliant + observedGeneration: 2 + relatedObjects: + - compliant: Compliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: CatalogSource + metadata: + name: community-operators + namespace: openshift-marketplace + reason: Resource found as expected + - compliant: Compliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: argocd-operator + namespace: openshift-operators + properties: + createdByPolicy: true + uid: f3e6d8a7-eb73-4b29-b804-bf4609d2f7fb + reason: Resource found as expected + resolvedSubscriptionLabel: argocd-operator.openshift-operators diff --git a/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_no_status.yaml b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_no_status.yaml new file mode 100644 index 0000000000000..e40a779400243 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_no_status.yaml @@ -0,0 +1,26 @@ +apiVersion: policy.open-cluster-management.io/v1beta1 +kind: OperatorPolicy +metadata: + name: install-argocd + generation: 1 + namespace: local-cluster +spec: + complianceConfig: + catalogSourceUnhealthy: Compliant + deploymentsUnavailable: NonCompliant + upgradesAvailable: Compliant + complianceType: musthave + remediationAction: inform + removalBehavior: + clusterServiceVersions: Delete + customResourceDefinitions: Keep + operatorGroups: DeleteIfUnused + subscriptions: Delete + severity: high + subscription: + channel: alpha + name: argocd-operator + source: community-operators + sourceNamespace: openshift-marketplace + upgradeApproval: None + versions: [] diff --git a/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_old_generation.yaml b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_old_generation.yaml new file mode 100644 index 0000000000000..4cdbaad9f5a2e --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/OperatorPolicy/testdata/progressing_old_generation.yaml @@ -0,0 +1,63 @@ +apiVersion: policy.open-cluster-management.io/v1beta1 +kind: OperatorPolicy +metadata: + name: install-argocd + generation: 2 + namespace: local-cluster +spec: + complianceConfig: + catalogSourceUnhealthy: Compliant + deploymentsUnavailable: NonCompliant + upgradesAvailable: Compliant + complianceType: musthave + remediationAction: enforce + removalBehavior: + clusterServiceVersions: Delete + customResourceDefinitions: Keep + operatorGroups: DeleteIfUnused + subscriptions: Delete + severity: high + subscription: + channel: alpha + name: argocd-operator + source: community-operators + sourceNamespace: openshift-marketplace + upgradeApproval: Automatic + versions: [] +status: + compliant: NonCompliant + conditions: + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: CatalogSource was found + reason: CatalogSourcesFound + status: 'False' + type: CatalogSourcesUnhealthy + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: 'NonCompliant; the policy spec is valid, the policy does not specify an OperatorGroup but one already exists in the namespace - assuming that OperatorGroup is correct, the Subscription required by the policy was not found, there are no relevant InstallPlans in the namespace, the ClusterServiceVersion required by the policy was not found, no CRDs were found for the operator, there are no relevant deployments because the ClusterServiceVersion is missing, CatalogSource was found' + reason: NonCompliant + status: 'False' + type: Compliant + - lastTransitionTime: '2024-07-29T15:20:48Z' + message: the Subscription required by the policy was not found + reason: SubscriptionMissing + status: 'False' + type: SubscriptionCompliant + observedGeneration: 1 + relatedObjects: + - compliant: Compliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: CatalogSource + metadata: + name: community-operators + namespace: openshift-marketplace + reason: Resource found as expected + - compliant: NonCompliant + object: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: argocd-operator + namespace: openshift-operators + reason: Resource not found but should exist + resolvedSubscriptionLabel: argocd-operator.openshift-operators diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/health.lua b/resource_customizations/policy.open-cluster-management.io/Policy/health.lua new file mode 100644 index 0000000000000..b969c367e121e --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/health.lua @@ -0,0 +1,38 @@ +hs = {} +if obj.status == nil or obj.status.compliant == nil then + hs.status = "Progressing" + hs.message = "Waiting for the status to be reported" + return hs +end +if obj.status.compliant == "Compliant" then + hs.status = "Healthy" +else + hs.status = "Degraded" +end +noncompliants = {} +if obj.status.status ~= nil then + -- "root" policy + for i, entry in ipairs(obj.status.status) do + if entry.compliant ~= "Compliant" then + table.insert(noncompliants, entry.clustername) + end + end + if #noncompliants == 0 then + hs.message = "All clusters are compliant" + else + hs.message = "NonCompliant clusters: " .. table.concat(noncompliants, ", ") + end +elseif obj.status.details ~= nil then + -- "replicated" policy + for i, entry in ipairs(obj.status.details) do + if entry.compliant ~= "Compliant" then + table.insert(noncompliants, entry.templateMeta.name) + end + end + if #noncompliants == 0 then + hs.message = "All templates are compliant" + else + hs.message = "NonCompliant templates: " .. table.concat(noncompliants, ", ") + end +end +return hs diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml new file mode 100644 index 0000000000000..ede9cc5c8a2c0 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml @@ -0,0 +1,17 @@ +tests: + - healthStatus: + status: Degraded + message: 'NonCompliant clusters: local-cluster, managed' + inputPath: testdata/degraded_root.yaml + - healthStatus: + status: Degraded + message: 'NonCompliant templates: example-namespace' + inputPath: testdata/degraded_replicated.yaml + - healthStatus: + status: Healthy + message: All clusters are compliant + inputPath: testdata/healthy_root.yaml + - healthStatus: + status: Healthy + message: All templates are compliant + inputPath: testdata/healthy_replicated.yaml diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_replicated.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_replicated.yaml new file mode 100644 index 0000000000000..5a0c3305fc4d6 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_replicated.yaml @@ -0,0 +1,80 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + name: open-cluster-management-global-set.argo-example + namespace: local-cluster + labels: + policy.open-cluster-management.io/cluster-name: local-cluster + policy.open-cluster-management.io/cluster-namespace: local-cluster + policy.open-cluster-management.io/root-policy: open-cluster-management-global-set.argo-example +spec: + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-namespace + spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: example + remediationAction: inform + severity: low + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-pod + spec: + namespaceSelector: + exclude: + - kube-* + include: + - default + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Pod + metadata: + name: foobar + spec: + containers: + - image: 'registry.redhat.io/rhel9/httpd-24:latest' + name: httpd + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + remediationAction: enforce + severity: low +status: + compliant: NonCompliant + details: + - compliant: NonCompliant + history: + - eventName: open-cluster-management-global-set.argo-example.17e701cc5101e3a4 + lastTimestamp: '2024-07-30T13:49:19Z' + message: 'NonCompliant; violation - namespaces [example] not found' + templateMeta: + creationTimestamp: null + name: example-namespace + - compliant: Compliant + history: + - eventName: open-cluster-management-global-set.argo-example.17e7034c879045a3 + lastTimestamp: '2024-07-30T14:16:49Z' + message: 'Compliant; notification - pods [foobar] was created successfully in namespace default' + - eventName: open-cluster-management-global-set.argo-example.17e7020b47782ddc + lastTimestamp: '2024-07-30T13:53:49Z' + message: 'NonCompliant; violation - pods [foobar] not found in namespace default' + templateMeta: + creationTimestamp: null + name: example-pod diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_replicated_compliant_before_noncompliant.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_replicated_compliant_before_noncompliant.yaml new file mode 100644 index 0000000000000..d0c3c9aebe558 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_replicated_compliant_before_noncompliant.yaml @@ -0,0 +1,88 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + name: open-cluster-management-global-set.argo-example + namespace: local-cluster + labels: + policy.open-cluster-management.io/cluster-name: local-cluster + policy.open-cluster-management.io/cluster-namespace: local-cluster + policy.open-cluster-management.io/root-policy: open-cluster-management-global-set.argo-example +spec: + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-namespace + spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: example + remediationAction: inform + severity: low + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-pod + spec: + namespaceSelector: + exclude: + - kube-* + include: + - default + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Pod + metadata: + name: foobar + spec: + containers: + - image: 'registry.redhat.io/rhel9/httpd-24:latest' + name: httpd + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + remediationAction: enforce + severity: low +status: + compliant: NonCompliant + details: + - compliant: Compliant + history: + - eventName: open-cluster-management-global-set.argo-example.17e7034c879045a3 + lastTimestamp: '2024-07-30T14:16:49Z' + message: 'Compliant; notification - pods [foobar] was created successfully in namespace default' + templateMeta: + creationTimestamp: null + name: example-foo + - compliant: NonCompliant + history: + - eventName: open-cluster-management-global-set.argo-example.17e701cc5101e3a4 + lastTimestamp: '2024-07-30T13:49:19Z' + message: 'NonCompliant; violation - namespaces [example] not found' + templateMeta: + creationTimestamp: null + name: example-namespace + - compliant: Compliant + history: + - eventName: open-cluster-management-global-set.argo-example.17e7034c879045a3 + lastTimestamp: '2024-07-30T14:16:49Z' + message: 'Compliant; notification - pods [foobar] was created successfully in namespace default' + - eventName: open-cluster-management-global-set.argo-example.17e7020b47782ddc + lastTimestamp: '2024-07-30T13:53:49Z' + message: 'NonCompliant; violation - pods [foobar] not found in namespace default' + templateMeta: + creationTimestamp: null + name: example-pod diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_root.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_root.yaml new file mode 100644 index 0000000000000..62c54297c4240 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/degraded_root.yaml @@ -0,0 +1,68 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + generation: 2 + name: argo-example + namespace: open-cluster-management-global-set +spec: + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-namespace + spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: example + remediationAction: inform + severity: low + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-pod + spec: + namespaceSelector: + exclude: + - kube-* + include: + - default + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Pod + metadata: + name: foobar + spec: + containers: + - image: 'registry.redhat.io/rhel9/httpd-24:latest' + name: httpd + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + remediationAction: inform + severity: low + remediationAction: inform +status: + compliant: NonCompliant + placement: + - placement: argo-example-placement + placementBinding: argo-example-placement + status: + - clustername: local-cluster + clusternamespace: local-cluster + compliant: NonCompliant + - clustername: managed + clusternamespace: managed + compliant: NonCompliant diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_replicated.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_replicated.yaml new file mode 100644 index 0000000000000..132311cf2bdf3 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_replicated.yaml @@ -0,0 +1,91 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + name: open-cluster-management-global-set.argo-example + generation: 4 + namespace: local-cluster + labels: + policy.open-cluster-management.io/cluster-name: local-cluster + policy.open-cluster-management.io/cluster-namespace: local-cluster + policy.open-cluster-management.io/root-policy: open-cluster-management-global-set.argo-example +spec: + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-namespace + spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: example + remediationAction: inform + severity: low + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-pod + spec: + namespaceSelector: + exclude: + - kube-* + include: + - default + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Pod + metadata: + name: foobar + spec: + containers: + - image: 'registry.redhat.io/rhel9/httpd-24:latest' + name: httpd + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + remediationAction: inform + severity: low + remediationAction: inform +status: + compliant: Compliant + details: + - compliant: Compliant + history: + - eventName: open-cluster-management-global-set.argo-example.17e703831ab809b3 + lastTimestamp: '2024-07-30T14:20:44Z' + message: 'Compliant; notification - namespaces [example] found as specified' + - eventName: open-cluster-management-global-set.argo-example.17e703810146765a + lastTimestamp: '2024-07-30T14:20:35Z' + message: 'Compliant; notification - namespaces [example] was created successfully' + - eventName: open-cluster-management-global-set.argo-example.17e701cc5101e3a4 + lastTimestamp: '2024-07-30T13:49:19Z' + message: 'NonCompliant; violation - namespaces [example] not found' + templateMeta: + creationTimestamp: null + name: example-namespace + - compliant: Compliant + history: + - eventName: open-cluster-management-global-set.argo-example.17e7034ea145078e + lastTimestamp: '2024-07-30T14:16:58Z' + message: 'Compliant; notification - pods [foobar] found as specified in namespace default' + - eventName: open-cluster-management-global-set.argo-example.17e7034c879045a3 + lastTimestamp: '2024-07-30T14:16:49Z' + message: 'Compliant; notification - pods [foobar] was created successfully in namespace default' + - eventName: open-cluster-management-global-set.argo-example.17e7020b47782ddc + lastTimestamp: '2024-07-30T13:53:49Z' + message: 'NonCompliant; violation - pods [foobar] not found in namespace default' + templateMeta: + creationTimestamp: null + name: example-pod diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_root.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_root.yaml new file mode 100644 index 0000000000000..e46b8a7db147c --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_root.yaml @@ -0,0 +1,68 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + generation: 4 + name: argo-example + namespace: open-cluster-management-global-set +spec: + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-namespace + spec: + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: example + remediationAction: inform + severity: low + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: example-pod + spec: + namespaceSelector: + exclude: + - kube-* + include: + - default + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Pod + metadata: + name: foobar + spec: + containers: + - image: 'registry.redhat.io/rhel9/httpd-24:latest' + name: httpd + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + remediationAction: inform + severity: low + remediationAction: inform +status: + compliant: Compliant + placement: + - placement: argo-example-placement + placementBinding: argo-example-placement + status: + - clustername: local-cluster + clusternamespace: local-cluster + compliant: Compliant + - clustername: managed + clusternamespace: managed + compliant: Compliant diff --git a/resource_customizations/policy/PodDisruptionBudget/health.lua b/resource_customizations/policy/PodDisruptionBudget/health.lua new file mode 100644 index 0000000000000..594bdd3b897bf --- /dev/null +++ b/resource_customizations/policy/PodDisruptionBudget/health.lua @@ -0,0 +1,24 @@ +-- Reference CRD can be found here: +-- https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ +hs = {} +hs.status = "Progressing" +hs.message = "Waiting for status" + +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + -- InsufficientPods can have valid use cases + -- See a discussion in https://github.com/argoproj/argo-cd/issues/20171 for more details + if condition.status == "False" and condition.reason ~= "InsufficientPods" then + hs.status = "Degraded" + hs.message = "PodDisruptionBudget has " .. condition.reason + return hs + else + hs.status = "Healthy" + hs.message = "PodDisruptionBudget has " .. condition.reason + end + end + end +end + +return hs diff --git a/resource_customizations/policy/PodDisruptionBudget/health_test.yaml b/resource_customizations/policy/PodDisruptionBudget/health_test.yaml new file mode 100644 index 0000000000000..817c26a4c3092 --- /dev/null +++ b/resource_customizations/policy/PodDisruptionBudget/health_test.yaml @@ -0,0 +1,13 @@ +tests: +- healthStatus: + status: Healthy + message: 'PodDisruptionBudget has SufficientPods' + inputPath: testdata/healthy.yaml +- healthStatus: + status: Progressing + message: 'Waiting for status' + inputPath: testdata/progressing.yaml +- healthStatus: + status: Degraded + message: 'PodDisruptionBudget has SyncFailed' + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/policy/PodDisruptionBudget/testdata/degraded.yaml b/resource_customizations/policy/PodDisruptionBudget/testdata/degraded.yaml new file mode 100644 index 0000000000000..1a95f19597e0d --- /dev/null +++ b/resource_customizations/policy/PodDisruptionBudget/testdata/degraded.yaml @@ -0,0 +1,29 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: foo + namespace: bar +spec: + minAvailable: 3 + selector: + matchLabels: + app.kubernetes.io/name: foo +status: + conditions: + - lastTransitionTime: "2024-09-06T18:29:05Z" + message: "" + observedGeneration: 2 + reason: InsufficientPods + status: "False" + type: DisruptionAllowed + - lastTransitionTime: "2024-09-06T18:29:06Z" + message: "" + observedGeneration: 2 + reason: SyncFailed + status: "False" + type: DisruptionAllowed + currentHealthy: 2 + desiredHealthy: 3 + disruptionsAllowed: 0 + expectedPods: 2 + observedGeneration: 2 diff --git a/resource_customizations/policy/PodDisruptionBudget/testdata/healthy.yaml b/resource_customizations/policy/PodDisruptionBudget/testdata/healthy.yaml new file mode 100644 index 0000000000000..9a971588a6820 --- /dev/null +++ b/resource_customizations/policy/PodDisruptionBudget/testdata/healthy.yaml @@ -0,0 +1,23 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: foo + namespace: bar +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: foo +status: + conditions: + - lastTransitionTime: "2024-09-06T18:29:05Z" + message: "" + observedGeneration: 1 + reason: SufficientPods + status: "True" + type: DisruptionAllowed + currentHealthy: 2 + desiredHealthy: 1 + disruptionsAllowed: 1 + expectedPods: 2 + observedGeneration: 1 diff --git a/resource_customizations/policy/PodDisruptionBudget/testdata/progressing.yaml b/resource_customizations/policy/PodDisruptionBudget/testdata/progressing.yaml new file mode 100644 index 0000000000000..3edcc7fd4cfa2 --- /dev/null +++ b/resource_customizations/policy/PodDisruptionBudget/testdata/progressing.yaml @@ -0,0 +1,10 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: foo + namespace: default +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: foo diff --git a/resource_customizations/rds.aws.crossplane.io/DBCluster/health.lua b/resource_customizations/rds.aws.crossplane.io/DBCluster/health.lua new file mode 100644 index 0000000000000..dafa85d47a859 --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBCluster/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local ready = false + local synced = false + local suspended = false + for i, condition in ipairs(obj.status.conditions) do + + if condition.type == "Ready" then + ready = condition.status == "True" + ready_message = condition.reason + elseif condition.type == "Synced" then + synced = condition.status == "True" + if condition.reason == "ReconcileError" then + synced_message = condition.message + elseif condition.reason == "ReconcilePaused" then + suspended = true + suspended_message = condition.reason + end + end + end + if ready and synced then + hs.status = "Healthy" + hs.message = ready_message + elseif synced == false and suspended == true then + hs.status = "Suspended" + hs.message = suspended_message + elseif ready == false and synced == true and suspended == false then + hs.status = "Progressing" + hs.message = "Waiting for DBCluster to be available" + else + hs.status = "Degraded" + hs.message = synced_message + end + return hs + end +end + +hs.status = "Progressing" +hs.message = "Waiting for DBCluster to be created" +return hs diff --git a/resource_customizations/rds.aws.crossplane.io/DBCluster/health_test.yaml b/resource_customizations/rds.aws.crossplane.io/DBCluster/health_test.yaml new file mode 100644 index 0000000000000..280532d2bc195 --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBCluster/health_test.yaml @@ -0,0 +1,18 @@ +tests: +- healthStatus: + status: Progressing + message: Waiting for DBCluster to be available + inputPath: testdata/creating.yaml +- healthStatus: + status: Healthy + message: Available + inputPath: testdata/healthy.yaml +- healthStatus: + status: Degraded + message: "create failed: cannot create DBCluster in AWS: InvalidParameterValue: + Invalid DB engine\n\tstatus code: 400, request id: " + inputPath: testdata/degraded.yaml +- healthStatus: + status: Suspended + message: ReconcilePaused + inputPath: testdata/suspended.yaml diff --git a/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/creating.yaml b/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/creating.yaml new file mode 100644 index 0000000000000..e5addf24b688b --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/creating.yaml @@ -0,0 +1,48 @@ +apiVersion: rds.aws.crossplane.io/v1alpha1 +kind: DBCluster +metadata: + name: test-rds1 +spec: + deletionPolicy: Delete + forProvider: + allowMajorVersionUpgrade: true + applyImmediately: true + autogeneratePassword: true + databaseName: app + dbSubnetGroupName: test-rds + engine: aurora-postgresql + engineVersion: '16.2' + masterUsername: root + skipFinalSnapshot: true + managementPolicies: + - '*' + providerConfigRef: + name: provider-aws + publishConnectionDetailsTo: + configRef: + name: store-config + name: test-rds1-rds +status: + atProvider: + activityStreamStatus: stopped + clusterCreateTime: '2024-07-15T14:23:42Z' + crossAccountClone: false + dbClusterARN: 'arn:aws:rds:abc123:cluster:test-rds1' + dbClusterIdentifier: test-rds1 + dbClusterParameterGroup: default.aurora-postgresql16 + dbClusterResourceID: cluster-abc123 + dbSubnetGroup: test-rds + endpoint: test-rds1.cluster-abc.rds.amazonaws.com + status: creating + vpcSecurityGroups: + - status: active + vpcSecurityGroupID: sg-abc123 + conditions: + - lastTransitionTime: '2024-07-15T14:23:42Z' + reason: Creating + status: 'False' + type: Ready + - lastTransitionTime: '2024-07-15T14:23:42Z' + reason: ReconcileSuccess + status: 'True' + type: Synced diff --git a/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/degraded.yaml b/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/degraded.yaml new file mode 100644 index 0000000000000..1203a9421accd --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/degraded.yaml @@ -0,0 +1,37 @@ +apiVersion: rds.aws.crossplane.io/v1alpha1 +kind: DBCluster +metadata: + name: test-rds1 +spec: + deletionPolicy: Delete + forProvider: + allowMajorVersionUpgrade: true + applyImmediately: true + autogeneratePassword: true + databaseName: app + dbSubnetGroupName: test-rds + engine: foobar + engineVersion: '16.2' + masterUsername: root + skipFinalSnapshot: true + managementPolicies: + - '*' + providerConfigRef: + name: provider-aws + publishConnectionDetailsTo: + configRef: + name: store-config + name: test-rds1-rds +status: + atProvider: {} + conditions: + - lastTransitionTime: "2024-07-17T18:03:12Z" + reason: Creating + status: "False" + type: Ready + - lastTransitionTime: "2024-07-17T18:03:12Z" + message: "create failed: cannot create DBCluster in AWS: InvalidParameterValue: + Invalid DB engine\n\tstatus code: 400, request id: " + reason: ReconcileError + status: "False" + type: Synced diff --git a/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/healthy.yaml b/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/healthy.yaml new file mode 100644 index 0000000000000..3e824228a25ad --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/healthy.yaml @@ -0,0 +1,61 @@ +apiVersion: rds.aws.crossplane.io/v1alpha1 +kind: DBCluster +metadata: + name: test-rds1 +spec: + deletionPolicy: Delete + forProvider: + allowMajorVersionUpgrade: true + applyImmediately: true + autogeneratePassword: true + databaseName: app + dbSubnetGroupName: test-rds + engine: aurora-postgresql + engineVersion: '16.2' + masterUsername: root + skipFinalSnapshot: true + managementPolicies: + - '*' + providerConfigRef: + name: provider-aws + publishConnectionDetailsTo: + configRef: + name: store-config + name: test-rds1-rds +status: + atProvider: + activityStreamStatus: stopped + clusterCreateTime: "2024-07-15T14:23:42Z" + crossAccountClone: false + dbClusterARN: arn:aws:rds:abc123:cluster:test-rds1 + dbClusterIdentifier: test-rds1 + dbClusterMembers: + - dbClusterParameterGroupStatus: in-sync + dbInstanceIdentifier: test-rds1-0 + isClusterWriter: true + promotionTier: 1 + dbClusterParameterGroup: default.aurora-postgresql16 + dbClusterResourceID: cluster-abc123 + dbSubnetGroup: sandbox5-valhalla-rds + earliestRestorableTime: "2024-07-15T14:24:40Z" + endpoint: test-rds1.cluster-abc123.rds.amazonaws.com + engineVersion: "16.2" + hostedZoneID: abc123 + httpEndpointEnabled: false + iamDatabaseAuthenticationEnabled: false + latestRestorableTime: "2024-07-15T14:46:08Z" + multiAZ: false + readerEndpoint: test-rds1.abc123.rds.amazonaws.com + status: available + vpcSecurityGroups: + - status: active + vpcSecurityGroupID: sg-abc123 + conditions: + - lastTransitionTime: "2024-07-15T14:48:40Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-15T14:23:42Z" + reason: ReconcileSuccess + status: "True" + type: Synced diff --git a/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/suspended.yaml b/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/suspended.yaml new file mode 100644 index 0000000000000..960f4d86733ee --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBCluster/testdata/suspended.yaml @@ -0,0 +1,37 @@ +apiVersion: rds.aws.crossplane.io/v1alpha1 +kind: DBCluster +metadata: + name: test-rds1 + annotations: + crossplane.io/paused: "true" +spec: + deletionPolicy: Delete + forProvider: + allowMajorVersionUpgrade: true + applyImmediately: true + autogeneratePassword: true + databaseName: app + dbSubnetGroupName: test-rds + engine: aurora-postgresql + engineVersion: '16.2' + masterUsername: root + skipFinalSnapshot: true + managementPolicies: + - '*' + providerConfigRef: + name: provider-aws + publishConnectionDetailsTo: + configRef: + name: store-config + name: test-rds1-rds +status: + atProvider: {} + conditions: + - lastTransitionTime: "2024-07-17T18:03:12Z" + reason: Creating + status: "False" + type: Ready + - lastTransitionTime: "2024-07-17T18:04:55Z" + reason: ReconcilePaused + status: "False" + type: Synced diff --git a/resource_customizations/rds.aws.crossplane.io/DBInstance/health.lua b/resource_customizations/rds.aws.crossplane.io/DBInstance/health.lua new file mode 100644 index 0000000000000..91e22df91a6be --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBInstance/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local ready = false + local synced = false + local suspended = false + for i, condition in ipairs(obj.status.conditions) do + + if condition.type == "Ready" then + ready = condition.status == "True" + ready_message = condition.reason + elseif condition.type == "Synced" then + synced = condition.status == "True" + if condition.reason == "ReconcileError" then + synced_message = condition.message + elseif condition.reason == "ReconcilePaused" then + suspended = true + suspended_message = condition.reason + end + end + end + if ready and synced then + hs.status = "Healthy" + hs.message = ready_message + elseif synced == false and suspended == true then + hs.status = "Suspended" + hs.message = suspended_message + elseif ready == false and synced == true and suspended == false then + hs.status = "Progressing" + hs.message = "Waiting for DBInstance to be available" + else + hs.status = "Degraded" + hs.message = synced_message + end + return hs + end +end + +hs.status = "Progressing" +hs.message = "Waiting for DBInstance to be created" +return hs diff --git a/resource_customizations/rds.aws.crossplane.io/DBInstance/health_test.yaml b/resource_customizations/rds.aws.crossplane.io/DBInstance/health_test.yaml new file mode 100644 index 0000000000000..d8db77007ca88 --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBInstance/health_test.yaml @@ -0,0 +1,14 @@ +tests: +- healthStatus: + status: Progressing + message: Waiting for DBInstance to be available + inputPath: testdata/creating.yaml +- healthStatus: + status: Healthy + message: Available + inputPath: testdata/healthy.yaml +- healthStatus: + status: Degraded + message: "update failed: cannot update DBInstance in AWS: InvalidParameterValue: + Invalid DB Instance class: db.t4g.foobar\n\tstatus code: 400, request id: " + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/creating.yaml b/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/creating.yaml new file mode 100644 index 0000000000000..883d55e0041b4 --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/creating.yaml @@ -0,0 +1,45 @@ +apiVersion: rds.aws.crossplane.io/v1alpha1 +kind: DBInstance +metadata: + name: test-rds1-0 +spec: + deletionPolicy: Delete + forProvider: + autoMinorVersionUpgrade: true + caCertificateIdentifier: rds-ca-rsa2048-g1 + dbClusterIdentifier: test-rds1 + dbInstanceClass: db.t4g.medium + dbName: app + dbSubnetGroupName: test-rds + enablePerformanceInsights: false + engine: aurora-postgresql + licenseModel: postgresql-license + masterUsername: root + multiAZ: false + preferredMaintenanceWindow: 'tue:00:36-tue:01:06' + promotionTier: 1 + publiclyAccessible: false + region: eu-north-1 + storageThroughput: 0 + managementPolicies: + - '*' + providerConfigRef: + name: provider-aws +status: + atProvider: + certificateDetails: + cAIdentifier: rds-ca-rsa2048-g1 + customerOwnedIPEnabled: false + dbInstanceARN: 'arn:aws:rds:abc:db:test-rds1-0' + dbInstanceIdentifier: test-rds1-0 + dbInstancePort: 0 + dbInstanceStatus: creating + conditions: + - lastTransitionTime: '2024-07-15T14:25:07Z' + reason: Creating + status: 'False' + type: Ready + - lastTransitionTime: '2024-07-15T14:25:07Z' + reason: ReconcileSuccess + status: 'True' + type: Synced diff --git a/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/degraded.yaml b/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/degraded.yaml new file mode 100644 index 0000000000000..60fd417bada80 --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/degraded.yaml @@ -0,0 +1,64 @@ +apiVersion: rds.aws.crossplane.io/v1alpha1 +kind: DBInstance +metadata: + name: test-rds1-0 +spec: + deletionPolicy: Delete + forProvider: + autoMinorVersionUpgrade: true + caCertificateIdentifier: rds-ca-rsa2048-g1 + dbClusterIdentifier: test-rds1 + dbInstanceClass: db.t4g.foobar + dbName: app + dbSubnetGroupName: test-rds + enablePerformanceInsights: false + engine: aurora-postgresql + licenseModel: postgresql-license + masterUsername: root + multiAZ: false + preferredMaintenanceWindow: 'tue:00:36-tue:01:06' + promotionTier: 1 + publiclyAccessible: false + region: eu-north-1 + storageThroughput: 0 + managementPolicies: + - '*' + providerConfigRef: + name: provider-aws +status: + atProvider: + certificateDetails: + cAIdentifier: rds-ca-rsa2048-g1 + validTill: "2025-07-15T16:06:53Z" + customerOwnedIPEnabled: false + dbInstanceARN: arn:aws:rds:123:db:test-rds1-app-0 + dbInstanceIdentifier: test-rds1-app-0 + dbInstancePort: 0 + dbInstanceStatus: available + dbiResourceID: db-123 + endpoint: + address: test-rds1-app-0.123.abc.rds.amazonaws.com + hostedZoneID: ABC213 + port: 5432 + engineVersion: "16.2" + iamDatabaseAuthenticationEnabled: false + instanceCreateTime: "2024-07-15T16:08:27Z" + optionGroupMemberships: + - optionGroupName: default:aurora-postgresql-16 + status: in-sync + pendingModifiedValues: {} + performanceInsightsEnabled: false + vpcSecurityGroups: + - status: active + vpcSecurityGroupID: sg-abc123 + conditions: + - lastTransitionTime: "2024-07-15T17:04:24Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-17T17:57:38Z" + message: "update failed: cannot update DBInstance in AWS: InvalidParameterValue: + Invalid DB Instance class: db.t4g.foobar\n\tstatus code: 400, request id: " + reason: ReconcileError + status: "False" + type: Synced diff --git a/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/healthy.yaml b/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/healthy.yaml new file mode 100644 index 0000000000000..c993c91b7bd6d --- /dev/null +++ b/resource_customizations/rds.aws.crossplane.io/DBInstance/testdata/healthy.yaml @@ -0,0 +1,65 @@ +apiVersion: rds.aws.crossplane.io/v1alpha1 +kind: DBInstance +metadata: + name: test-rds1-0 +spec: + deletionPolicy: Delete + forProvider: + autoMinorVersionUpgrade: true + caCertificateIdentifier: rds-ca-rsa2048-g1 + dbClusterIdentifier: test-rds1 + dbInstanceClass: db.t4g.medium + dbName: app + dbSubnetGroupName: test-rds + enablePerformanceInsights: false + engine: aurora-postgresql + licenseModel: postgresql-license + masterUsername: root + multiAZ: false + preferredMaintenanceWindow: 'tue:00:36-tue:01:06' + promotionTier: 1 + publiclyAccessible: false + region: eu-north-1 + storageThroughput: 0 + managementPolicies: + - '*' + providerConfigRef: + name: provider-aws +status: + atProvider: + certificateDetails: + cAIdentifier: rds-ca-rsa2048-g1 + validTill: "2025-07-15T14:27:27Z" + customerOwnedIPEnabled: false + dbInstanceARN: arn:aws:rds:abc123:db:test-rds1-0 + dbInstanceIdentifier: test-rds1-0 + dbInstancePort: 0 + dbInstanceStatus: available + dbParameterGroups: + - dbParameterGroupName: default.aurora-postgresql16 + parameterApplyStatus: in-sync + dbiResourceID: db-abc123 + endpoint: + address: test-rds1-0.abc123.rds.amazonaws.com + hostedZoneID: abc123 + port: 5432 + engineVersion: "16.2" + iamDatabaseAuthenticationEnabled: false + instanceCreateTime: "2024-07-15T14:29:00Z" + optionGroupMemberships: + - optionGroupName: default:aurora-postgresql-16 + status: in-sync + pendingModifiedValues: {} + performanceInsightsEnabled: false + vpcSecurityGroups: + - status: active + vpcSecurityGroupID: sg-abc123 + conditions: + - lastTransitionTime: "2024-07-15T14:48:40Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-15T14:25:07Z" + reason: ReconcileSuccess + status: "True" + type: Synced diff --git a/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/health.lua b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/health.lua new file mode 100644 index 0000000000000..0cf5253e910ff --- /dev/null +++ b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local ready = false + local synced = false + local suspended = false + for i, condition in ipairs(obj.status.conditions) do + + if condition.type == "Ready" then + ready = condition.status == "True" + ready_message = condition.reason + elseif condition.type == "Synced" then + synced = condition.status == "True" + if condition.reason == "ReconcileError" then + synced_message = condition.message + elseif condition.reason == "ReconcilePaused" then + suspended = true + suspended_message = condition.reason + end + end + end + if ready and synced then + hs.status = "Healthy" + hs.message = ready_message + elseif synced == false and suspended == true then + hs.status = "Suspended" + hs.message = suspended_message + elseif ready == false and synced == true and suspended == false then + hs.status = "Progressing" + hs.message = "Waiting for resourcrecordset to be available" + else + hs.status = "Degraded" + hs.message = synced_message + end + return hs + end +end + +hs.status = "Progressing" +hs.message = "Waiting for resourcrecordset to be created" +return hs diff --git a/resource_customizations/s3.aws.crossplane.io/Bucket/health.lua b/resource_customizations/s3.aws.crossplane.io/Bucket/health.lua new file mode 100644 index 0000000000000..ae9d8ff97ff9f --- /dev/null +++ b/resource_customizations/s3.aws.crossplane.io/Bucket/health.lua @@ -0,0 +1,41 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local ready = false + local synced = false + local suspended = false + for i, condition in ipairs(obj.status.conditions) do + + if condition.type == "Ready" then + ready = condition.status == "True" + ready_message = condition.reason + elseif condition.type == "Synced" then + synced = condition.status == "True" + if condition.reason == "ReconcileError" then + synced_message = condition.message + elseif condition.reason == "ReconcilePaused" then + suspended = true + suspended_message = condition.reason + end + end + end + if ready and synced then + hs.status = "Healthy" + hs.message = ready_message + elseif synced == false and suspended == true then + hs.status = "Suspended" + hs.message = suspended_message + elseif ready == false and synced == true and suspended == false then + hs.status = "Progressing" + hs.message = "Waiting for Bucket to be available" + else + hs.status = "Degraded" + hs.message = synced_message + end + return hs + end +end + +hs.status = "Progressing" +hs.message = "Waiting for Bucket to be created" +return hs diff --git a/resource_customizations/s3.aws.crossplane.io/Bucket/health_test.yaml b/resource_customizations/s3.aws.crossplane.io/Bucket/health_test.yaml new file mode 100644 index 0000000000000..7fd4388805e9b --- /dev/null +++ b/resource_customizations/s3.aws.crossplane.io/Bucket/health_test.yaml @@ -0,0 +1,14 @@ +tests: +- healthStatus: + status: Degraded + message: >- + delete failed: operation error S3: DeleteBucket, https response error + StatusCode: 409, RequestID: ABC123, HostID: + ABC/123/ABC=, + api error BucketNotEmpty: The bucket you tried to delete is not empty. + You must delete all versions in the bucket. + inputPath: testdata/ReconcileError.yaml +- healthStatus: + status: Healthy + message: Available + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/s3.aws.crossplane.io/Bucket/testdata/ReconcileError.yaml b/resource_customizations/s3.aws.crossplane.io/Bucket/testdata/ReconcileError.yaml new file mode 100644 index 0000000000000..601a08e623d0c --- /dev/null +++ b/resource_customizations/s3.aws.crossplane.io/Bucket/testdata/ReconcileError.yaml @@ -0,0 +1,42 @@ +apiVersion: s3.aws.crossplane.io/v1beta1 +kind: Bucket +metadata: + name: example +spec: + deletionPolicy: Delete + forProvider: + locationConstraint: eu-north-1 + objectOwnership: BucketOwnerEnforced + paymentConfiguration: + payer: BucketOwner + publicAccessBlockConfiguration: + blockPublicAcls: true + blockPublicPolicy: true + ignorePublicAcls: true + restrictPublicBuckets: true + serverSideEncryptionConfiguration: + rules: + - applyServerSideEncryptionByDefault: + sseAlgorithm: AES256 + versioningConfiguration: + status: Suspended + providerConfigRef: + name: provider-aws +status: + atProvider: + arn: 'arn:aws:s3:::example' + conditions: + - lastTransitionTime: '2024-07-12T09:51:07Z' + reason: Deleting + status: 'False' + type: Ready + - lastTransitionTime: '2024-07-12T09:51:07Z' + message: >- + delete failed: operation error S3: DeleteBucket, https response error + StatusCode: 409, RequestID: ABC123, HostID: + ABC/123/ABC=, + api error BucketNotEmpty: The bucket you tried to delete is not empty. + You must delete all versions in the bucket. + reason: ReconcileError + status: 'False' + type: Synced diff --git a/resource_customizations/s3.aws.crossplane.io/Bucket/testdata/healthy.yaml b/resource_customizations/s3.aws.crossplane.io/Bucket/testdata/healthy.yaml new file mode 100644 index 0000000000000..fc29b984719f0 --- /dev/null +++ b/resource_customizations/s3.aws.crossplane.io/Bucket/testdata/healthy.yaml @@ -0,0 +1,36 @@ +apiVersion: s3.aws.crossplane.io/v1beta1 +kind: Bucket +metadata: + name: example +spec: + deletionPolicy: Delete + forProvider: + locationConstraint: eu-north-1 + objectOwnership: BucketOwnerEnforced + paymentConfiguration: + payer: BucketOwner + publicAccessBlockConfiguration: + blockPublicAcls: true + blockPublicPolicy: true + ignorePublicAcls: true + restrictPublicBuckets: true + serverSideEncryptionConfiguration: + rules: + - applyServerSideEncryptionByDefault: + sseAlgorithm: AES256 + versioningConfiguration: + status: Suspended + providerConfigRef: + name: provider-aws +status: + atProvider: + arn: arn:aws:s3:::example + conditions: + - lastTransitionTime: "2024-07-12T12:50:46Z" + reason: Available + status: "True" + type: Ready + - lastTransitionTime: "2024-07-12T12:50:44Z" + reason: ReconcileSuccess + status: "True" + type: Synced diff --git a/resource_customizations/serving.kserve.io/InferenceService/health.lua b/resource_customizations/serving.kserve.io/InferenceService/health.lua index 85da1161f315f..94959de841d59 100644 --- a/resource_customizations/serving.kserve.io/InferenceService/health.lua +++ b/resource_customizations/serving.kserve.io/InferenceService/health.lua @@ -1,50 +1,59 @@ --- isInferenceServiceInRawDeploymentMode determines if the inference service deployed in RawDeployment mode --- KServe v12 and above supports Rawdeployment for Inference graphs. For Inference services, KServe has supported RawDeployment model since [v0.7.0](https://github.com/kserve/kserve/releases/tag/v0.7.0). -function isInferenceServiceInRawDeploymentMode(obj) - if obj.metadata.annotations == nil then - return false - end - local deploymentMode = obj.metadata.annotations["serving.kserve.io/deploymentMode"] - return deploymentMode ~= nil and deploymentMode == "RawDeployment" -end - local health_status = {} + health_status.status = "Progressing" -health_status.message = "Waiting for status update." -if obj.status ~= nil and obj.status.conditions ~= nil then - local status_true = 0 +health_status.message = "Waiting for InferenceService to report status..." + +if obj.status ~= nil then + + local progressing = false + local degraded = false local status_false = 0 local status_unknown = 0 - health_status.message = "" - for i, condition in pairs(obj.status.conditions) do - if condition.status == "True" and (condition.type == "IngressReady" or condition.type == "PredictorConfigurationReady" or condition.type == "PredictorReady" or condition.type == "PredictorRouteReady" or condition.type == "Ready") then - status_true = status_true + 1 - elseif condition.status == "False" or condition.status == "Unknown" then - msg = condition.type .. " is " .. condition.status - if condition.reason ~= nil and condition.reason ~= "" then - msg = msg .. ", since " .. condition.reason .. "." - end - if condition.message ~= nil and condition.message ~= "" then - msg = msg .. " " .. condition.message - end - health_status.message = health_status.message .. msg .. "\n" - if condition.status == "False" then - status_false = status_false + 1 + local msg = "" + + if obj.status.modelStatus ~= nil then + if obj.status.modelStatus.transitionStatus ~= "UpToDate" then + if obj.status.modelStatus.transitionStatus == "InProgress" then + progressing = true else - status_unknown = status_unknown + 1 + degraded = true end + msg = msg .. "0: transitionStatus | " .. obj.status.modelStatus.transitionStatus end end - if ((isInferenceServiceInRawDeploymentMode(obj) and status_true == 3) or status_true == 5) and status_false == 0 and status_unknown == 0 then - health_status.message = "Inference Service is healthy." - health_status.status = "Healthy" - return health_status - elseif status_false > 0 then - health_status.status = "Degraded" - return health_status - else - health_status.status = "Progressing" - return health_status + + if obj.status.conditions ~= nil then + for i, condition in pairs(obj.status.conditions) do + + if condition.status == "Unknown" then + status_unknown = status_unknown + 1 + elseif condition.status == "False" then + status_false = status_false + 1 + end + + if condition.status ~= "True" then + msg = msg .. " | " .. i .. ": " .. condition.type .. " | " .. condition.status + if condition.reason ~= nil and condition.reason ~= "" then + msg = msg .. " | " .. condition.reason + end + if condition.message ~= nil and condition.message ~= "" then + msg = msg .. " | " .. condition.message + end + end + + end + + if progressing == false and degraded == false and status_unknown == 0 and status_false == 0 then + health_status.status = "Healthy" + msg = "InferenceService is healthy." + elseif degraded == false and status_unknown >= 0 then + health_status.status = "Progressing" + else + health_status.status = "Degraded" + end + + health_status.message = msg end end -return health_status \ No newline at end of file + +return health_status diff --git a/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml b/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml index 1dc5576f93f3a..670b194f79d41 100644 --- a/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml +++ b/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml @@ -1,17 +1,41 @@ tests: - healthStatus: status: Progressing - message: "PredictorConfigurationReady is Unknown\nPredictorReady is Unknown, since RevisionMissing. Configuration \"hello-world-predictor-default\" is waiting for a Revision to become ready.\nPredictorRouteReady is Unknown, since RevisionMissing. Configuration \"hello-world-predictor-default\" is waiting for a Revision to become ready.\nReady is Unknown, since RevisionMissing. Configuration \"hello-world-predictor-default\" is waiting for a Revision to become ready.\n" + message: ' | 1: PredictorConfigurationReady | Unknown | 2: PredictorReady | Unknown | RevisionMissing | Configuration "hello-world-predictor-default" is waiting for a Revision to become ready. | 3: PredictorRouteReady | Unknown | RevisionMissing | Configuration "hello-world-predictor-default" is waiting for a Revision to become ready. | 4: Ready | Unknown | RevisionMissing | Configuration "hello-world-predictor-default" is waiting for a Revision to become ready.' inputPath: testdata/progressing.yaml +- healthStatus: + status: Progressing + message: '0: transitionStatus | InProgress | 1: LatestDeploymentReady | Unknown | PredictorConfigurationReady not ready | 2: PredictorConfigurationReady | Unknown | 3: PredictorReady | Unknown | RevisionMissing | Configuration "helloworld-predictor" is waiting for a Revision to become ready. | 4: PredictorRouteReady | Unknown | RevisionMissing | Configuration "helloworld-predictor" is waiting for a Revision to become ready. | 5: Ready | Unknown | RevisionMissing | Configuration "helloworld-predictor" is waiting for a Revision to become ready. | 6: RoutesReady | Unknown | PredictorRouteReady not ready' + inputPath: testdata/progressing_ocp.yaml +- healthStatus: + status: Progressing + message: "0: transitionStatus | InProgress | 1: PredictorReady | False | 2: Ready | False" + inputPath: testdata/progressing_modelmesh.yaml - healthStatus: status: Degraded - message: "IngressReady is False, since Predictor ingress not created.\nPredictorConfigurationReady is False, since RevisionFailed. Revision \"helloworld-00002\" failed with message: Container failed with: container exited with no error.\nPredictorReady is False, since RevisionFailed. Revision \"helloworld-00002\" failed with message: Container failed with: container exited with no error.\nReady is False, since Predictor ingress not created.\n" + message: '0: transitionStatus | BlockedByFailedLoad | 1: IngressReady | False | Predictor ingress not created | 2: PredictorConfigurationReady | False | RevisionFailed | Revision "helloworld-00002" failed with message: Container failed with: container exited with no error. | 3: PredictorReady | False | RevisionFailed | Revision "helloworld-00002" failed with message: Container failed with: container exited with no error. | 5: Ready | False | Predictor ingress not created' inputPath: testdata/degraded.yaml +- healthStatus: + status: Degraded + message: '0: transitionStatus | BlockedByFailedLoad | 1: LatestDeploymentReady | False | PredictorConfigurationReady not ready | 2: PredictorConfigurationReady | False | RevisionFailed | Revision "helloworld-predictor-00002" failed with message: . | 3: PredictorReady | False | RevisionMissing | Configuration "helloworld-predictor" does not have any ready Revision. | 4: PredictorRouteReady | False | RevisionMissing | Configuration "helloworld-predictor" does not have any ready Revision. | 5: Ready | False | RevisionMissing | Configuration "helloworld-predictor" does not have any ready Revision. | 6: RoutesReady | False | PredictorRouteReady not ready' + inputPath: testdata/degraded_ocp.yaml +- healthStatus: + status: Degraded + message: "0: transitionStatus | BlockedByFailedLoad" + inputPath: testdata/degraded_modelmesh.yaml - healthStatus: status: Healthy - message: Inference Service is healthy. + message: InferenceService is healthy. inputPath: testdata/healthy.yaml - healthStatus: status: Healthy - message: Inference Service is healthy. + message: InferenceService is healthy. + inputPath: testdata/healthy_ocp.yaml +- healthStatus: + status: Healthy + message: InferenceService is healthy. + inputPath: testdata/healthy_modelmesh.yaml +- healthStatus: + status: Healthy + message: InferenceService is healthy. inputPath: testdata/healthy_raw.yaml diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded.yaml index 0cd337860c670..291e4392f59f8 100644 --- a/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded.yaml +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded.yaml @@ -28,3 +28,5 @@ status: reason: Predictor ingress not created status: "False" type: Ready + modelStatus: + transitionStatus: BlockedByFailedLoad \ No newline at end of file diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded_modelmesh.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded_modelmesh.yaml new file mode 100644 index 0000000000000..54ac46fa59356 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded_modelmesh.yaml @@ -0,0 +1,16 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: '2024-05-30T22:43:16Z' + status: 'True' + type: PredictorReady + - lastTransitionTime: '2024-05-30T22:43:16Z' + status: 'True' + type: Ready + modelStatus: + transitionStatus: BlockedByFailedLoad diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded_ocp.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded_ocp.yaml new file mode 100644 index 0000000000000..d85c755dea51b --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/degraded_ocp.yaml @@ -0,0 +1,42 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: '2024-05-30T23:03:45Z' + reason: PredictorConfigurationReady not ready + severity: Info + status: 'False' + type: LatestDeploymentReady + - lastTransitionTime: '2024-05-30T23:03:45Z' + message: 'Revision "helloworld-predictor-00002" failed with message: .' + reason: RevisionFailed + severity: Info + status: 'False' + type: PredictorConfigurationReady + - lastTransitionTime: '2024-05-30T23:03:45Z' + message: Configuration "helloworld-predictor" does not have any ready Revision. + reason: RevisionMissing + status: 'False' + type: PredictorReady + - lastTransitionTime: '2024-05-30T23:03:45Z' + message: Configuration "helloworld-predictor" does not have any ready Revision. + reason: RevisionMissing + severity: Info + status: 'False' + type: PredictorRouteReady + - lastTransitionTime: '2024-05-30T23:03:45Z' + message: Configuration "helloworld-predictor" does not have any ready Revision. + reason: RevisionMissing + status: 'False' + type: Ready + - lastTransitionTime: '2024-05-30T23:03:45Z' + reason: PredictorRouteReady not ready + severity: Info + status: 'False' + type: RoutesReady + modelStatus: + transitionStatus: BlockedByFailedLoad diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_modelmesh.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_modelmesh.yaml new file mode 100644 index 0000000000000..290171afe2cdd --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_modelmesh.yaml @@ -0,0 +1,16 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: '2024-05-30T22:43:16Z' + status: 'True' + type: PredictorReady + - lastTransitionTime: '2024-05-30T22:43:16Z' + status: 'True' + type: Ready + modelStatus: + transitionStatus: UpToDate diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_ocp.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_ocp.yaml new file mode 100644 index 0000000000000..9d65c2b379e05 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_ocp.yaml @@ -0,0 +1,35 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: '2024-05-30T22:14:31Z' + status: 'True' + type: IngressReady + - lastTransitionTime: '2024-05-30T22:14:30Z' + severity: Info + status: 'True' + type: LatestDeploymentReady + - lastTransitionTime: '2024-05-30T22:14:30Z' + severity: Info + status: 'True' + type: PredictorConfigurationReady + - lastTransitionTime: '2024-05-30T22:14:31Z' + status: 'True' + type: PredictorReady + - lastTransitionTime: '2024-05-30T22:14:31Z' + severity: Info + status: 'True' + type: PredictorRouteReady + - lastTransitionTime: '2024-05-30T22:14:31Z' + status: 'True' + type: Ready + - lastTransitionTime: '2024-05-30T22:14:31Z' + severity: Info + status: 'True' + type: RoutesReady + modelStatus: + transitionStatus: UpToDate diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing_modelmesh.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing_modelmesh.yaml new file mode 100644 index 0000000000000..1edb429504e33 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing_modelmesh.yaml @@ -0,0 +1,16 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: '2024-05-30T22:43:16Z' + status: 'False' + type: PredictorReady + - lastTransitionTime: '2024-05-30T22:43:16Z' + status: 'False' + type: Ready + modelStatus: + transitionStatus: InProgress diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing_ocp.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing_ocp.yaml new file mode 100644 index 0000000000000..aa476e80cebb4 --- /dev/null +++ b/resource_customizations/serving.kserve.io/InferenceService/testdata/progressing_ocp.yaml @@ -0,0 +1,40 @@ +apiVersion: serving.kserve.io/v1beta1 +kind: InferenceService +metadata: + name: helloworld + namespace: default +spec: {} +status: + conditions: + - lastTransitionTime: '2024-05-30T22:29:46Z' + reason: PredictorConfigurationReady not ready + severity: Info + status: Unknown + type: LatestDeploymentReady + - lastTransitionTime: '2024-05-30T22:29:46Z' + severity: Info + status: Unknown + type: PredictorConfigurationReady + - lastTransitionTime: '2024-05-30T22:29:46Z' + message: Configuration "helloworld-predictor" is waiting for a Revision to become ready. + reason: RevisionMissing + status: Unknown + type: PredictorReady + - lastTransitionTime: '2024-05-30T22:29:46Z' + message: Configuration "helloworld-predictor" is waiting for a Revision to become ready. + reason: RevisionMissing + severity: Info + status: Unknown + type: PredictorRouteReady + - lastTransitionTime: '2024-05-30T22:29:46Z' + message: Configuration "helloworld-predictor" is waiting for a Revision to become ready. + reason: RevisionMissing + status: Unknown + type: Ready + - lastTransitionTime: '2024-05-30T22:29:46Z' + reason: PredictorRouteReady not ready + severity: Info + status: Unknown + type: RoutesReady + modelStatus: + transitionStatus: InProgress diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/action_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/action_test.yaml new file mode 100644 index 0000000000000..170d73e9a8e02 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_bucket.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_bucket.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_bucket.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_bucket.yaml + expectedOutputPath: testdata/reconciled_bucket.yaml +- action: suspend + inputPath: testdata/initial_bucket.yaml + expectedOutputPath: testdata/suspended_bucket.yaml +- action: resume + inputPath: testdata/suspended_bucket.yaml + expectedOutputPath: testdata/resumed_bucket.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/discovery.lua b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/reconcile/action.lua b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/resume/action.lua b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/suspend/action.lua b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/initial_bucket.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/initial_bucket.yaml new file mode 100644 index 0000000000000..2de992d401e6c --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/initial_bucket.yaml @@ -0,0 +1,12 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: Bucket +metadata: + name: minio-bucket + namespace: default +spec: + interval: 5m0s + endpoint: minio.example.com + insecure: true + secretRef: + name: minio-bucket-secret + bucketName: example diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/reconciled_bucket.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/reconciled_bucket.yaml new file mode 100644 index 0000000000000..80074067a75bf --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/reconciled_bucket.yaml @@ -0,0 +1,14 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: Bucket +metadata: + name: minio-bucket + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + interval: 5m0s + endpoint: minio.example.com + insecure: true + secretRef: + name: minio-bucket-secret + bucketName: example diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/resumed_bucket.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/resumed_bucket.yaml new file mode 100644 index 0000000000000..40cfe6c9fc43d --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/resumed_bucket.yaml @@ -0,0 +1,13 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: Bucket +metadata: + name: minio-bucket + namespace: default +spec: + interval: 5m0s + endpoint: minio.example.com + insecure: true + secretRef: + name: minio-bucket-secret + bucketName: example + suspend: false diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/suspended_bucket.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/suspended_bucket.yaml new file mode 100644 index 0000000000000..0f10c70214c62 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/testdata/suspended_bucket.yaml @@ -0,0 +1,13 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: Bucket +metadata: + name: minio-bucket + namespace: default +spec: + interval: 5m0s + endpoint: minio.example.com + insecure: true + secretRef: + name: minio-bucket-secret + bucketName: example + suspend: true diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/health.lua b/resource_customizations/source.toolkit.fluxcd.io/Bucket/health.lua new file mode 100644 index 0000000000000..9ad39cb708294 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/health.lua @@ -0,0 +1,45 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "Unknown" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numProgressing = numProgressing + 1 + elseif condition.type == "ArtifactOutdated" and condition.status == "True" then + message = message .. " " .. condition.reason + elseif condition.type == "ArtifactInStorage" and condition.status == "True" then + numSucceeded = numSucceeded + 1 + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 2) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/health_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/health_test.yaml new file mode 100644 index 0000000000000..1cbb664013978 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: Progressing + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: BucketOperationFailed + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: Succeeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/degraded.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/degraded.yaml new file mode 100644 index 0000000000000..d2d469e36563c --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/degraded.yaml @@ -0,0 +1,34 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: Bucket +metadata: + name: minio-bucket + namespace: default +spec: + interval: 5m0s + endpoint: minio.example.com + insecure: true + secretRef: + name: minio-bucket-secret + bucketName: example +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: building artifact + observedGeneration: 1 + reason: ProgressingWithRetry + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to confirm existence of ''example'' bucket: XML syntax error + on line 5: element closed by ' + observedGeneration: 1 + reason: BucketOperationFailed + status: "False" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to confirm existence of ''example'' bucket: XML syntax error + on line 5: element closed by ' + observedGeneration: 1 + reason: BucketOperationFailed + status: "True" + type: FetchFailed diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/healthy.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/healthy.yaml new file mode 100644 index 0000000000000..b0e39bd81c5f3 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/healthy.yaml @@ -0,0 +1,26 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: Bucket +metadata: + name: minio-bucket + namespace: default +spec: + interval: 5m0s + endpoint: minio.example.com + insecure: true + secretRef: + name: minio-bucket-secret + bucketName: example +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'stored artifact: revision ''sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855''' + observedGeneration: 3 + reason: Succeeded + status: "True" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'stored artifact: revision ''sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855''' + observedGeneration: 3 + reason: Succeeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/progressing.yaml b/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/progressing.yaml new file mode 100644 index 0000000000000..be2e1b364bbab --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/Bucket/testdata/progressing.yaml @@ -0,0 +1,14 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: Bucket +metadata: + name: minio-bucket + namespace: default +spec: + interval: 5m0s + endpoint: minio.example.com + insecure: true + secretRef: + name: minio-bucket-secret + bucketName: example +status: + conditions: [] diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/action_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/action_test.yaml new file mode 100644 index 0000000000000..203f40629d209 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_gitrepository.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_gitrepository.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_gitrepository.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_gitrepository.yaml + expectedOutputPath: testdata/reconciled_gitrepository.yaml +- action: suspend + inputPath: testdata/initial_gitrepository.yaml + expectedOutputPath: testdata/suspended_gitrepository.yaml +- action: resume + inputPath: testdata/suspended_gitrepository.yaml + expectedOutputPath: testdata/resumed_gitrepository.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/discovery.lua b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/reconcile/action.lua b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/resume/action.lua b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/suspend/action.lua b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/initial_gitrepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/initial_gitrepository.yaml new file mode 100644 index 0000000000000..3cd5664e591f0 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/initial_gitrepository.yaml @@ -0,0 +1,10 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m + url: https://github.com/stefanprodan/podinfo + ref: + branch: master diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/reconciled_gitrepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/reconciled_gitrepository.yaml new file mode 100644 index 0000000000000..4cfe3861aca1f --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/reconciled_gitrepository.yaml @@ -0,0 +1,12 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: podinfo + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + interval: 5m + url: https://github.com/stefanprodan/podinfo + ref: + branch: master diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/resumed_gitrepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/resumed_gitrepository.yaml new file mode 100644 index 0000000000000..0a204953f5fe7 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/resumed_gitrepository.yaml @@ -0,0 +1,11 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m + url: https://github.com/stefanprodan/podinfo + ref: + branch: master + suspend: false diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/suspended_gitrepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/suspended_gitrepository.yaml new file mode 100644 index 0000000000000..22c7be6772be2 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/actions/testdata/suspended_gitrepository.yaml @@ -0,0 +1,11 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m + url: https://github.com/stefanprodan/podinfo + ref: + branch: master + suspend: true diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/health.lua b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/health.lua new file mode 100644 index 0000000000000..9ad39cb708294 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/health.lua @@ -0,0 +1,45 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "Unknown" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numProgressing = numProgressing + 1 + elseif condition.type == "ArtifactOutdated" and condition.status == "True" then + message = message .. " " .. condition.reason + elseif condition.type == "ArtifactInStorage" and condition.status == "True" then + numSucceeded = numSucceeded + 1 + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 2) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/health_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/health_test.yaml new file mode 100644 index 0000000000000..c743c0b477d1a --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: Progressing + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: GitOperationFailed + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: Succeeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/degraded.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/degraded.yaml new file mode 100644 index 0000000000000..653e71945dbf5 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/degraded.yaml @@ -0,0 +1,38 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m + url: https://github.com/stefanprodan/podinfo-faulty + ref: + branch: master +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'processing object: new generation 1 -> 2' + observedGeneration: 2 + reason: ProgressingWithRetry + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to checkout and determine revision: unable to list remote for + ''https://github.com/stefanprodan/podinfo-faulty'': authentication required' + observedGeneration: 2 + reason: GitOperationFailed + status: "False" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to checkout and determine revision: unable to list remote for + ''https://github.com/stefanprodan/podinfo-faulty'': authentication required' + observedGeneration: 2 + reason: GitOperationFailed + status: "True" + type: FetchFailed + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: stored artifact for revision 'master@sha1:08238eada746de8114efa36d36e2aa93bd76cfab' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/healthy.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/healthy.yaml new file mode 100644 index 0000000000000..0bf0210615591 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/healthy.yaml @@ -0,0 +1,24 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m + url: https://github.com/stefanprodan/podinfo + ref: + branch: master +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: stored artifact for revision 'master@sha1:08238eada746de8114efa36d36e2aa93bd76cfab' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: stored artifact for revision 'master@sha1:08238eada746de8114efa36d36e2aa93bd76cfab' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/progressing.yaml b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/progressing.yaml new file mode 100644 index 0000000000000..c1c99bf084246 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/GitRepository/testdata/progressing.yaml @@ -0,0 +1,12 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m + url: https://github.com/stefanprodan/podinfo + ref: + branch: master +status: + conditions: [] diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/action_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/action_test.yaml new file mode 100644 index 0000000000000..e5d34eb71f1bf --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_helmchart.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_helmchart.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_helmchart.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_helmchart.yaml + expectedOutputPath: testdata/reconciled_helmchart.yaml +- action: suspend + inputPath: testdata/initial_helmchart.yaml + expectedOutputPath: testdata/suspended_helmchart.yaml +- action: resume + inputPath: testdata/suspended_helmchart.yaml + expectedOutputPath: testdata/resumed_helmchart.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/discovery.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/reconcile/action.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/resume/action.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/suspend/action.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/initial_helmchart.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/initial_helmchart.yaml new file mode 100644 index 0000000000000..da341e25a4d73 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/initial_helmchart.yaml @@ -0,0 +1,13 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmChart +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + chart: podinfo + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: podinfo + version: '5.*' diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/reconciled_helmchart.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/reconciled_helmchart.yaml new file mode 100644 index 0000000000000..e3d3e5fedeb34 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/reconciled_helmchart.yaml @@ -0,0 +1,15 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmChart +metadata: + name: podinfo + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + interval: 5m0s + chart: podinfo + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: podinfo + version: '5.*' diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/resumed_helmchart.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/resumed_helmchart.yaml new file mode 100644 index 0000000000000..9711ecdeee097 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/resumed_helmchart.yaml @@ -0,0 +1,14 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmChart +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + chart: podinfo + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: podinfo + suspend: false + version: '5.*' diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/suspended_helmchart.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/suspended_helmchart.yaml new file mode 100644 index 0000000000000..76e63f010c577 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/actions/testdata/suspended_helmchart.yaml @@ -0,0 +1,14 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmChart +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + chart: podinfo + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: podinfo + suspend: true + version: '5.*' diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/health.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/health.lua new file mode 100644 index 0000000000000..9ad39cb708294 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/health.lua @@ -0,0 +1,45 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "Unknown" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numProgressing = numProgressing + 1 + elseif condition.type == "ArtifactOutdated" and condition.status == "True" then + message = message .. " " .. condition.reason + elseif condition.type == "ArtifactInStorage" and condition.status == "True" then + numSucceeded = numSucceeded + 1 + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 2) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/health_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/health_test.yaml new file mode 100644 index 0000000000000..275b858d3c3c2 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: Progressing + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: SourceUnavailable + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: ChartPullSucceeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/degraded.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/degraded.yaml new file mode 100644 index 0000000000000..1875514c4a623 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/degraded.yaml @@ -0,0 +1,41 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmChart +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + chart: podinfo + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: podinfo + version: '5.*' +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'processing object: new generation 1 -> 2' + observedGeneration: 2 + reason: ProgressingWithRetry + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to get source: HelmRepository.source.toolkit.fluxcd.io "podinfo-faulty" + not found' + observedGeneration: 2 + reason: SourceUnavailable + status: "False" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to get source: HelmRepository.source.toolkit.fluxcd.io "podinfo-faulty" + not found' + observedGeneration: 2 + reason: SourceUnavailable + status: "True" + type: FetchFailed + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: pulled 'podinfo' chart with version '5.2.1' + observedGeneration: 1 + reason: ChartPullSucceeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/healthy.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/healthy.yaml new file mode 100644 index 0000000000000..7b39f91436460 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/healthy.yaml @@ -0,0 +1,27 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmChart +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + chart: podinfo + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: podinfo + version: '5.*' +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: pulled 'podinfo' chart with version '5.2.1' + observedGeneration: 1 + reason: ChartPullSucceeded + status: "True" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: pulled 'podinfo' chart with version '5.2.1' + observedGeneration: 1 + reason: ChartPullSucceeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/progressing.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/progressing.yaml new file mode 100644 index 0000000000000..038511b26308a --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmChart/testdata/progressing.yaml @@ -0,0 +1,16 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmChart +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + chart: podinfo + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: podinfo + version: '5.*' +status: + conditions: [] + diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/action_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/action_test.yaml new file mode 100644 index 0000000000000..c4d8d22e4ffce --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_helmrepository.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_helmrepository.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_helmrepository.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_helmrepository.yaml + expectedOutputPath: testdata/reconciled_helmrepository.yaml +- action: suspend + inputPath: testdata/initial_helmrepository.yaml + expectedOutputPath: testdata/suspended_helmrepository.yaml +- action: resume + inputPath: testdata/suspended_helmrepository.yaml + expectedOutputPath: testdata/resumed_helmrepository.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/discovery.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/reconcile/action.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/resume/action.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/suspend/action.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/initial_helmrepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/initial_helmrepository.yaml new file mode 100644 index 0000000000000..e055d5aa054b3 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/initial_helmrepository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: https://stefanprodan.github.io/podinfo diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/reconciled_helmrepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/reconciled_helmrepository.yaml new file mode 100644 index 0000000000000..d879fada430fc --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/reconciled_helmrepository.yaml @@ -0,0 +1,10 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: podinfo + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + interval: 5m0s + url: https://stefanprodan.github.io/podinfo diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/resumed_helmrepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/resumed_helmrepository.yaml new file mode 100644 index 0000000000000..a68df7d1f41bd --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/resumed_helmrepository.yaml @@ -0,0 +1,9 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + suspend: false + url: https://stefanprodan.github.io/podinfo diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/suspended_helmrepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/suspended_helmrepository.yaml new file mode 100644 index 0000000000000..fe69f4142ab6f --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/actions/testdata/suspended_helmrepository.yaml @@ -0,0 +1,9 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + suspend: true + url: https://stefanprodan.github.io/podinfo diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health.lua new file mode 100644 index 0000000000000..9ad39cb708294 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health.lua @@ -0,0 +1,45 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "Unknown" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numProgressing = numProgressing + 1 + elseif condition.type == "ArtifactOutdated" and condition.status == "True" then + message = message .. " " .. condition.reason + elseif condition.type == "ArtifactInStorage" and condition.status == "True" then + numSucceeded = numSucceeded + 1 + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 2) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health_test.yaml new file mode 100644 index 0000000000000..2093ed4de070f --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: Progressing + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: Failed + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: Succeeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/degraded.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/degraded.yaml new file mode 100644 index 0000000000000..ebeddb5e05bc7 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/degraded.yaml @@ -0,0 +1,38 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: https://stefanprodan.github.io/podinfo-faulty +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'processing object: new generation 1 -> 2' + observedGeneration: 2 + reason: ProgressingWithRetry + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to fetch Helm repository index: failed to cache index to temporary + file: failed to fetch https://stefanprodan.github.io/podinfo-faulty/index.yaml + : 404 Not Found' + observedGeneration: 2 + reason: Failed + status: "False" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to fetch Helm repository index: failed to cache index to temporary + file: failed to fetch https://stefanprodan.github.io/podinfo-faulty/index.yaml + : 404 Not Found' + observedGeneration: 2 + reason: Failed + status: "True" + type: FetchFailed + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'stored artifact: revision ''sha256:3dfe15d87f81dedc8ddaf116c7302892e54a0d8f269e35f65aaff9ac4d1b179c''' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/healthy.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/healthy.yaml new file mode 100644 index 0000000000000..b483b480478cc --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/healthy.yaml @@ -0,0 +1,22 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: https://stefanprodan.github.io/podinfo +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'stored artifact: revision ''sha256:3dfe15d87f81dedc8ddaf116c7302892e54a0d8f269e35f65aaff9ac4d1b179c''' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'stored artifact: revision ''sha256:3dfe15d87f81dedc8ddaf116c7302892e54a0d8f269e35f65aaff9ac4d1b179c''' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/progressing.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/progressing.yaml new file mode 100644 index 0000000000000..a13de50e72dcb --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/progressing.yaml @@ -0,0 +1,11 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: https://stefanprodan.github.io/podinfo +status: + conditions: [] + diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/action_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/action_test.yaml new file mode 100644 index 0000000000000..925f5dfa1877c --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/action_test.yaml @@ -0,0 +1,35 @@ +discoveryTests: +- inputPath: testdata/initial_ocirepository.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +- inputPath: testdata/suspended_ocirepository.yaml + result: + - name: reconcile + disabled: true + - name: suspend + disabled: true + - name: resume + disabled: false +- inputPath: testdata/resumed_ocirepository.yaml + result: + - name: reconcile + disabled: false + - name: suspend + disabled: false + - name: resume + disabled: true +actionTests: +- action: reconcile + inputPath: testdata/initial_ocirepository.yaml + expectedOutputPath: testdata/reconciled_ocirepository.yaml +- action: suspend + inputPath: testdata/initial_ocirepository.yaml + expectedOutputPath: testdata/suspended_ocirepository.yaml +- action: resume + inputPath: testdata/suspended_ocirepository.yaml + expectedOutputPath: testdata/resumed_ocirepository.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/discovery.lua b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/discovery.lua new file mode 100644 index 0000000000000..9000998815515 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/discovery.lua @@ -0,0 +1,18 @@ +local actions = {} + +actions["reconcile"] = {["disabled"] = true} +actions["suspend"] = {["disabled"] = true} +actions["resume"] = {["disabled"] = true} + +local suspend = false +if obj.spec.suspend ~= nil then + suspend = obj.spec.suspend +end +if suspend then + actions["resume"]["disabled"] = false +else + actions["reconcile"]["disabled"] = false + actions["suspend"]["disabled"] = false +end + +return actions diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/reconcile/action.lua b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/reconcile/action.lua new file mode 100644 index 0000000000000..a534b36fb3ebc --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/reconcile/action.lua @@ -0,0 +1,7 @@ +local os = require("os") +if obj.metadata.annotations == nil then + obj.metadata.annotations = {} +end +obj.metadata.annotations["reconcile.fluxcd.io/requestedAt"] = "By Argo CD at: " .. os.date("!%Y-%m-%dT%X") + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/resume/action.lua b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/resume/action.lua new file mode 100644 index 0000000000000..cb41993777699 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/resume/action.lua @@ -0,0 +1,5 @@ +if obj.spec.suspend ~= nil and obj.spec.suspend then + obj.spec.suspend = false +end + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/suspend/action.lua b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/suspend/action.lua new file mode 100644 index 0000000000000..1a338b2ad1361 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/suspend/action.lua @@ -0,0 +1,3 @@ +obj.spec.suspend = true + +return obj diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/initial_ocirepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/initial_ocirepository.yaml new file mode 100644 index 0000000000000..cd33f5200ee82 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/initial_ocirepository.yaml @@ -0,0 +1,10 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: oci://ghcr.io/stefanprodan/manifests/podinfo + ref: + tag: latest diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/reconciled_ocirepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/reconciled_ocirepository.yaml new file mode 100644 index 0000000000000..b2df7fab875f3 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/reconciled_ocirepository.yaml @@ -0,0 +1,12 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: podinfo + namespace: default + annotations: + reconcile.fluxcd.io/requestedAt: 'By Argo CD at: 0001-01-01T00:00:00' +spec: + interval: 5m0s + url: oci://ghcr.io/stefanprodan/manifests/podinfo + ref: + tag: latest diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/resumed_ocirepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/resumed_ocirepository.yaml new file mode 100644 index 0000000000000..5a0ffad096e3c --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/resumed_ocirepository.yaml @@ -0,0 +1,11 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: oci://ghcr.io/stefanprodan/manifests/podinfo + ref: + tag: latest + suspend: false diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/suspended_ocirepository.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/suspended_ocirepository.yaml new file mode 100644 index 0000000000000..3fa77a4980317 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/actions/testdata/suspended_ocirepository.yaml @@ -0,0 +1,11 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: oci://ghcr.io/stefanprodan/manifests/podinfo + ref: + tag: latest + suspend: true diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/health.lua b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/health.lua new file mode 100644 index 0000000000000..9ad39cb708294 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/health.lua @@ -0,0 +1,45 @@ +local hs = {} +if obj.spec.suspend ~= nil and obj.spec.suspend == true then + hs.message = obj.kind .. " is suspended" + hs.status = "Suspended" + return hs +end +if obj.status ~= nil then + if obj.status.conditions ~= nil then + local numProgressing = 0 + local numSucceeded = 0 + local message = "" + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" then + if condition.status == "True" then + numSucceeded = numSucceeded + 1 + elseif condition.status == "Unknown" then + numProgressing = numProgressing + 1 + end + message = condition.reason + elseif condition.type == "Reconciling" and condition.status == "True" then + numProgressing = numProgressing + 1 + elseif condition.type == "ArtifactOutdated" and condition.status == "True" then + message = message .. " " .. condition.reason + elseif condition.type == "ArtifactInStorage" and condition.status == "True" then + numSucceeded = numSucceeded + 1 + end + end + if(numProgressing == 2) then + hs.message = message + hs.status = "Progressing" + return hs + elseif(numSucceeded == 2) then + hs.message = message + hs.status = "Healthy" + return hs + else + hs.message = message + hs.status = "Degraded" + return hs + end + end +end +hs.message = "Status unknown" +hs.status = "Progressing" +return hs diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/health_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/health_test.yaml new file mode 100644 index 0000000000000..04adef01baa8b --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/health_test.yaml @@ -0,0 +1,13 @@ +tests: + # - healthStatus: + # status: Progressing + # message: Progressing + # inputPath: testdata/progressing.yaml + - healthStatus: + status: Degraded + message: OCIArtifactPullFailed + inputPath: testdata/degraded.yaml + - healthStatus: + status: Healthy + message: Succeeded + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/degraded.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/degraded.yaml new file mode 100644 index 0000000000000..9c91459ee2a01 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/degraded.yaml @@ -0,0 +1,38 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: oci://ghcr.io/stefanprodan/manifests/podinfo + ref: + tag: latest +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'processing object: new generation 1 -> 2' + observedGeneration: 2 + reason: Progressing + status: "True" + type: Reconciling + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to determine artifact digest: GET https://ghcr.io/token?scope=repository%!!(MISSING)A(MISSING)stefanprodan%!!(MISSING)F(MISSING)manifests%!!(MISSING)F(MISSING)podinfo-faulty%!!(MISSING)A(MISSING)pull&service=ghcr.io: + DENIED: requested access to the resource is denied' + observedGeneration: 2 + reason: OCIArtifactPullFailed + status: "False" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: 'failed to determine artifact digest: GET https://ghcr.io/token?scope=repository%!A(MISSING)stefanprodan%!F(MISSING)manifests%!F(MISSING)podinfo-faulty%!A(MISSING)pull&service=ghcr.io: + DENIED: requested access to the resource is denied' + observedGeneration: 2 + reason: OCIArtifactPullFailed + status: "True" + type: FetchFailed + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: stored artifact for digest 'latest@sha256:f74fa29c9ebfc7f55b0d829166812ce03c9e3951ab16954863cef1d12837c7a5' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/healthy.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/healthy.yaml new file mode 100644 index 0000000000000..e20aa0f1963fc --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/healthy.yaml @@ -0,0 +1,24 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: oci://ghcr.io/stefanprodan/manifests/podinfo + ref: + tag: latest +status: + conditions: + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: stored artifact for digest 'latest@sha256:f74fa29c9ebfc7f55b0d829166812ce03c9e3951ab16954863cef1d12837c7a5' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: Ready + - lastTransitionTime: "2024-07-16T12:00:00Z" + message: stored artifact for digest 'latest@sha256:f74fa29c9ebfc7f55b0d829166812ce03c9e3951ab16954863cef1d12837c7a5' + observedGeneration: 1 + reason: Succeeded + status: "True" + type: ArtifactInStorage diff --git a/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/progressing.yaml b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/progressing.yaml new file mode 100644 index 0000000000000..b6635496469d6 --- /dev/null +++ b/resource_customizations/source.toolkit.fluxcd.io/OCIRepository/testdata/progressing.yaml @@ -0,0 +1,12 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: OCIRepository +metadata: + name: podinfo + namespace: default +spec: + interval: 5m0s + url: oci://ghcr.io/stefanprodan/manifests/podinfo + ref: + tag: latest +status: + conditions: [] diff --git a/server/account/account.go b/server/account/account.go index 8c499c7da2707..541401a731022 100644 --- a/server/account/account.go +++ b/server/account/account.go @@ -48,7 +48,7 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe // assuming user is trying to update someone else if username is different or issuer is not Argo CD if updatedUsername != username || issuer != session.SessionManagerClaimsIssuer { if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceAccounts, rbacpolicy.ActionUpdate, q.Name); err != nil { - return nil, err + return nil, fmt.Errorf("permission denied: %w", err) } } @@ -70,7 +70,7 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe iat, err := session.Iat(ctx) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get issue time: %w", err) } if time.Since(iat) > common.ChangePasswordSSOTokenMaxAge { return nil, errors.New("SSO token is too old. Please use 'argocd relogin' to get a new token.") @@ -80,12 +80,12 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe // Need to validate password complexity with regular expression passwordPattern, err := s.settingsMgr.GetPasswordPattern() if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get password pattern: %w", err) } validPasswordRegexp, err := regexp.Compile(passwordPattern) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to compile password regex: %w", err) } if !validPasswordRegexp.Match([]byte(q.NewPassword)) { @@ -95,7 +95,7 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe hashedPassword, err := password.HashPassword(q.NewPassword) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to hash password: %w", err) } err = s.settingsMgr.UpdateAccount(updatedUsername, func(acc *settings.Account) error { @@ -105,7 +105,7 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe return nil }) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to update account password: %w", err) } if updatedUsername == username { @@ -132,7 +132,7 @@ func (s *Server) CanI(ctx context.Context, r *account.CanIRequest) (*account.Can if r.Resource == "logs" { serverRBACLogEnforceEnable, err := s.settingsMgr.GetServerRBACLogEnforceEnable() if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get server RBAC log enforcement setting: %w", err) } if !serverRBACLogEnforceEnable { @@ -174,7 +174,7 @@ func (s *Server) ensureHasAccountPermission(ctx context.Context, action string, return nil } if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceAccounts, action, account); err != nil { - return err + return fmt.Errorf("permission denied for account %s with action %s: %w", account, action, err) } return nil } @@ -184,7 +184,7 @@ func (s *Server) ListAccounts(ctx context.Context, r *account.ListAccountRequest resp := account.AccountsList{} accounts, err := s.settingsMgr.GetAccounts() if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get accounts: %w", err) } for name, a := range accounts { if err := s.ensureHasAccountPermission(ctx, rbacpolicy.ActionGet, name); err == nil { @@ -200,11 +200,11 @@ func (s *Server) ListAccounts(ctx context.Context, r *account.ListAccountRequest // GetAccount returns an account func (s *Server) GetAccount(ctx context.Context, r *account.GetAccountRequest) (*account.Account, error) { if err := s.ensureHasAccountPermission(ctx, rbacpolicy.ActionGet, r.Name); err != nil { - return nil, err + return nil, fmt.Errorf("permission denied to get account %s: %w", r.Name, err) } a, err := s.settingsMgr.GetAccount(r.Name) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get account %s: %w", r.Name, err) } return toApiAccount(r.Name, *a), nil } @@ -212,14 +212,14 @@ func (s *Server) GetAccount(ctx context.Context, r *account.GetAccountRequest) ( // CreateToken creates a token func (s *Server) CreateToken(ctx context.Context, r *account.CreateTokenRequest) (*account.CreateTokenResponse, error) { if err := s.ensureHasAccountPermission(ctx, rbacpolicy.ActionUpdate, r.Name); err != nil { - return nil, err + return nil, fmt.Errorf("permission denied to create token for account %s: %w", r.Name, err) } id := r.Id if id == "" { uniqueId, err := uuid.NewRandom() if err != nil { - return nil, err + return nil, fmt.Errorf("failed to generate unique ID: %w", err) } id = uniqueId.String() } @@ -252,7 +252,7 @@ func (s *Server) CreateToken(ctx context.Context, r *account.CreateTokenRequest) return nil }) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to update account with new token: %w", err) } return &account.CreateTokenResponse{Token: tokenString}, nil } @@ -260,7 +260,7 @@ func (s *Server) CreateToken(ctx context.Context, r *account.CreateTokenRequest) // DeleteToken deletes a token func (s *Server) DeleteToken(ctx context.Context, r *account.DeleteTokenRequest) (*account.EmptyResponse, error) { if err := s.ensureHasAccountPermission(ctx, rbacpolicy.ActionUpdate, r.Name); err != nil { - return nil, err + return nil, fmt.Errorf("permission denied to delete account %s: %w", r.Name, err) } err := s.settingsMgr.UpdateAccount(r.Name, func(account *settings.Account) error { @@ -271,7 +271,7 @@ func (s *Server) DeleteToken(ctx context.Context, r *account.DeleteTokenRequest) return status.Errorf(codes.NotFound, "token with id '%s' does not exist", r.Id) }) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to delete account %s: %w", r.Name, err) } return &account.EmptyResponse{}, nil } diff --git a/server/account/account_test.go b/server/account/account_test.go index ca5571f117048..03290ad3692c4 100644 --- a/server/account/account_test.go +++ b/server/account/account_test.go @@ -292,7 +292,8 @@ func TestCreateToken_UserSpecifiedID(t *testing.T) { _, err = accountServer.CreateToken(ctx, &account.CreateTokenRequest{Name: "account1", Id: "test"}) require.Error(t, err) - assert.Contains(t, "account already has token with id 'test'", err.Error()) + assert.Contains(t, err.Error(), "failed to update account with new token:") + assert.Contains(t, err.Error(), "account already has token with id 'test'") } func TestDeleteToken_SuccessfullyRemoved(t *testing.T) { diff --git a/server/application/application.go b/server/application/application.go index 8e9d765cfb04f..165e5b38d3daf 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -120,6 +120,7 @@ func NewServer( settingsMgr *settings.SettingsManager, projInformer cache.SharedIndexInformer, enabledNamespaces []string, + enableK8sEvent []string, ) (application.ApplicationServiceServer, AppResourceTreeFn) { if appBroadcaster == nil { appBroadcaster = &broadcasterHandler{} @@ -141,7 +142,7 @@ func NewServer( kubectl: kubectl, enf: enf, projectLock: projectLock, - auditLogger: argo.NewAuditLogger(namespace, kubeclientset, "argocd-server"), + auditLogger: argo.NewAuditLogger(namespace, kubeclientset, "argocd-server", enableK8sEvent), settingsMgr: settingsMgr, projInformer: projInformer, enabledNamespaces: enabledNamespaces, @@ -189,7 +190,7 @@ func (s *Server) getAppEnforceRBAC(ctx context.Context, action, project, namespa if apierr.IsNotFound(err) { if project != "" { // We know that the user was allowed to get the Application, but the Application does not exist. Return 404. - return nil, nil, status.Errorf(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) + return nil, nil, status.Error(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) } // We don't know if the user was allowed to get the Application, and we don't want to leak information about // the Application's existence. Return 403. @@ -211,7 +212,7 @@ func (s *Server) getAppEnforceRBAC(ctx context.Context, action, project, namespa // The user specified a project. We would have returned a 404 if the user had access to the app, but the app // did not exist. So we have to return a 404 when the app does exist, but the user does not have access. // Otherwise, they could infer that the app exists based on the error code. - return nil, nil, status.Errorf(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) + return nil, nil, status.Error(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) } // The user didn't specify a project. We always return permission denied for both lack of access and lack of // existence. @@ -228,7 +229,7 @@ func (s *Server) getAppEnforceRBAC(ctx context.Context, action, project, namespa }).Warnf("user tried to %s application in project %s, but the application is in project %s", action, project, effectiveProject) // The user has access to the app, but the app is in a different project. Return 404, meaning "app doesn't // exist in that project". - return nil, nil, status.Errorf(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) + return nil, nil, status.Error(codes.NotFound, apierr.NewNotFound(schema.GroupResource{Group: "argoproj.io", Resource: "applications"}, name).Error()) } // Get the app's associated project, and make sure all project restrictions are enforced. proj, err := s.getAppProject(ctx, a, logCtx) @@ -376,7 +377,13 @@ func (s *Server) Create(ctx context.Context, q *application.ApplicationCreateReq if err != nil { return nil, status.Errorf(codes.Internal, "unable to check existing application details (%s): %v", appNs, err) } - equalSpecs := reflect.DeepEqual(existing.Spec, a.Spec) && + + if err := argo.ValidateDestination(ctx, &existing.Spec.Destination, s.db); err != nil { + return nil, status.Errorf(codes.InvalidArgument, "application destination spec for %s is invalid: %s", existing.Name, err.Error()) + } + + equalSpecs := existing.Spec.Destination.Equals(a.Spec.Destination) && + reflect.DeepEqual(existing.Spec, a.Spec) && reflect.DeepEqual(existing.Labels, a.Labels) && reflect.DeepEqual(existing.Annotations, a.Annotations) && reflect.DeepEqual(existing.Finalizers, a.Finalizers) @@ -518,6 +525,10 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan if err != nil { return fmt.Errorf("error getting kustomize settings options: %w", err) } + installationID, err := s.settingsMgr.GetInstallationID() + if err != nil { + return fmt.Errorf("error getting installation ID: %w", err) + } manifestInfo, err := client.GenerateManifest(ctx, &apiclient.ManifestRequest{ Repo: repo, @@ -539,6 +550,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan HasMultipleSources: a.Spec.HasMultipleSources(), RefSources: refSources, ApplicationMetadata: &a.ObjectMeta, + InstallationID: installationID, }) if err != nil { return fmt.Errorf("error generating manifests: %w", err) @@ -1903,7 +1915,11 @@ func (s *Server) Sync(ctx context.Context, syncReq *application.ApplicationSyncR s.inferResourcesStatusHealth(a) - if !proj.Spec.SyncWindows.Matches(a).CanSync(true) { + canSync, err := proj.Spec.SyncWindows.Matches(a).CanSync(true) + if err != nil { + return a, status.Errorf(codes.PermissionDenied, "cannot sync: invalid sync window: %v", err) + } + if !canSync { return a, status.Errorf(codes.PermissionDenied, "cannot sync: blocked by sync window") } @@ -2018,7 +2034,7 @@ func (s *Server) resolveSourceRevisions(ctx context.Context, a *appv1.Applicatio } revision, displayRevision, err := s.resolveRevision(ctx, a, syncReq, index) if err != nil { - return "", "", nil, nil, status.Errorf(codes.FailedPrecondition, err.Error()) + return "", "", nil, nil, status.Error(codes.FailedPrecondition, err.Error()) } sourceRevisions[index] = revision displayRevisions[index] = displayRevision @@ -2033,7 +2049,7 @@ func (s *Server) resolveSourceRevisions(ctx context.Context, a *appv1.Applicatio } revision, displayRevision, err := s.resolveRevision(ctx, a, syncReq, -1) if err != nil { - return "", "", nil, nil, status.Errorf(codes.FailedPrecondition, err.Error()) + return "", "", nil, nil, status.Error(codes.FailedPrecondition, err.Error()) } return revision, displayRevision, nil, nil, nil } @@ -2218,7 +2234,7 @@ func getAmbiguousRevision(app *appv1.Application, syncReq *application.Applicati ambiguousRevision := "" if app.Spec.HasMultipleSources() { for i, pos := range syncReq.SourcePositions { - if pos == int64(sourceIndex) { + if pos == int64(sourceIndex+1) { ambiguousRevision = syncReq.Revisions[i] } } @@ -2385,14 +2401,14 @@ func (s *Server) getAvailableActions(resourceOverrides map[string]appv1.Resource ResourceOverrides: resourceOverrides, } - discoveryScript, err := luaVM.GetResourceActionDiscovery(obj) + discoveryScripts, err := luaVM.GetResourceActionDiscovery(obj) if err != nil { return nil, fmt.Errorf("error getting Lua discovery script: %w", err) } - if discoveryScript == "" { + if len(discoveryScripts) == 0 { return []appv1.ResourceAction{}, nil } - availableActions, err := luaVM.ExecuteResourceActionDiscovery(obj, discoveryScript) + availableActions, err := luaVM.ExecuteResourceActionDiscovery(obj, discoveryScripts) if err != nil { return nil, fmt.Errorf("error executing Lua discovery script: %w", err) } @@ -2461,7 +2477,7 @@ func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceA // the dry-run for relevant apply/delete operation would have to be invoked as well. for _, impactedResource := range newObjects { newObj := impactedResource.UnstructuredObj - err := s.verifyResourcePermitted(ctx, app, proj, newObj) + err := s.verifyResourcePermitted(app, proj, newObj) if err != nil { return nil, err } @@ -2554,7 +2570,7 @@ func (s *Server) patchResource(ctx context.Context, config *rest.Config, liveObj return &application.ApplicationResponse{}, nil } -func (s *Server) verifyResourcePermitted(ctx context.Context, app *appv1.Application, proj *appv1.AppProject, obj *unstructured.Unstructured) error { +func (s *Server) verifyResourcePermitted(app *appv1.Application, proj *appv1.AppProject, obj *unstructured.Unstructured) error { permitted, err := proj.IsResourcePermitted(schema.GroupKind{Group: obj.GroupVersionKind().Group, Kind: obj.GroupVersionKind().Kind}, obj.GetNamespace(), app.Spec.Destination, func(project string) ([]*appv1.Cluster, error) { clusters, err := s.db.GetProjectClusters(context.TODO(), project) if err != nil { @@ -2620,10 +2636,17 @@ func (s *Server) GetApplicationSyncWindows(ctx context.Context, q *application.A } windows := proj.Spec.SyncWindows.Matches(a) - sync := windows.CanSync(true) + sync, err := windows.CanSync(true) + if err != nil { + return nil, fmt.Errorf("invalid sync windows: %w", err) + } + activeWindows, err := windows.Active() + if err != nil { + return nil, fmt.Errorf("invalid sync windows: %w", err) + } res := &application.ApplicationSyncWindowsResponse{ - ActiveWindows: convertSyncWindows(windows.Active()), + ActiveWindows: convertSyncWindows(activeWindows), AssignedWindows: convertSyncWindows(windows), CanSync: &sync, } @@ -2730,7 +2753,7 @@ func (s *Server) isNamespaceEnabled(namespace string) bool { return security.IsNamespaceEnabled(namespace, s.ns, s.enabledNamespaces) } -// getProjectFromApplicationQuery gets the project names from a query. If the legacy "project" field was specified, use +// getProjectsFromApplicationQuery gets the project names from a query. If the legacy "project" field was specified, use // that. Otherwise, use the newer "projects" field. func getProjectsFromApplicationQuery(q application.ApplicationQuery) []string { if q.Project != nil { diff --git a/server/application/application_test.go b/server/application/application_test.go index 96bfeaf51221c..92a7c7bab16de 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -10,8 +10,6 @@ import ( "testing" "time" - "k8s.io/utils/pointer" - "k8s.io/apimachinery/pkg/labels" "github.com/argoproj/gitops-engine/pkg/health" @@ -71,6 +69,8 @@ const ( fakeRepoURL = "https://git.com/repo.git" ) +var testEnableEventList []string = argo.DefaultEnableEventList() + func fakeRepo() *appsv1.Repository { return &appsv1.Repository{ Repo: fakeRepoURL, @@ -308,6 +308,7 @@ func newTestAppServerWithEnforcerConfigure(f func(*rbac.Enforcer), t *testing.T, settingsMgr, projInformer, []string{}, + testEnableEventList, ) return server.(*Server) } @@ -488,6 +489,7 @@ func newTestAppServerWithEnforcerConfigureWithBenchmark(f func(*rbac.Enforcer), settingsMgr, projInformer, []string{}, + testEnableEventList, ) return server.(*Server) } @@ -2654,7 +2656,10 @@ func TestIsApplicationPermitted(t *testing.T) { } func TestAppNamespaceRestrictions(t *testing.T) { + t.Parallel() + t.Run("List applications in controller namespace", func(t *testing.T) { + t.Parallel() testApp := newTestApp() appServer := newTestAppServer(t, testApp) apps, err := appServer.List(context.TODO(), &application.ApplicationQuery{}) @@ -2663,6 +2668,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { }) t.Run("List applications with non-allowed apps existing", func(t *testing.T) { + t.Parallel() testApp1 := newTestApp() testApp1.Namespace = "argocd-1" appServer := newTestAppServer(t, testApp1) @@ -2672,6 +2678,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { }) t.Run("List applications with non-allowed apps existing and explicit ns request", func(t *testing.T) { + t.Parallel() testApp1 := newTestApp() testApp2 := newTestApp() testApp2.Namespace = "argocd-1" @@ -2682,6 +2689,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { }) t.Run("List applications with allowed apps in other namespaces", func(t *testing.T) { + t.Parallel() testApp1 := newTestApp() testApp1.Namespace = "argocd-1" appServer := newTestAppServer(t, testApp1) @@ -2692,6 +2700,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { }) t.Run("Get application in control plane namespace", func(t *testing.T) { + t.Parallel() testApp := newTestApp() appServer := newTestAppServer(t, testApp) app, err := appServer.Get(context.TODO(), &application.ApplicationQuery{ @@ -2701,6 +2710,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { assert.Equal(t, "test-app", app.GetName()) }) t.Run("Get application in other namespace when forbidden", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" appServer := newTestAppServer(t, testApp) @@ -2713,6 +2723,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { require.Nil(t, app) }) t.Run("Get application in other namespace when allowed", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2736,6 +2747,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { require.Equal(t, "test-app", app.Name) }) t.Run("Get application in other namespace when project is not allowed", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2758,6 +2770,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { require.ErrorContains(t, err, "app is not allowed in project") }) t.Run("Create application in other namespace when allowed", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2781,6 +2794,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { }) t.Run("Create application in other namespace when not allowed by project", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2803,6 +2817,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { }) t.Run("Create application in other namespace when not allowed by configuration", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2824,6 +2839,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { require.ErrorContains(t, err, "namespace 'argocd-1' is not permitted") }) t.Run("Get application sync window in other namespace when project is allowed", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2842,6 +2858,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { assert.Empty(t, active.ActiveWindows) }) t.Run("Get application sync window in other namespace when project is not allowed", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2861,6 +2878,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { require.ErrorContains(t, err, "app is not allowed in project") }) t.Run("Get list of links in other namespace when project is not allowed", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2883,6 +2901,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { require.ErrorContains(t, err, "app is not allowed in project") }) t.Run("Get list of links in other namespace when project is allowed", func(t *testing.T) { + t.Parallel() testApp := newTestApp() testApp.Namespace = "argocd-1" testApp.Spec.Project = "other-ns" @@ -2919,7 +2938,7 @@ func TestGetAmbiguousRevision_MultiSource(t *testing.T) { }, } syncReq := &application.ApplicationSyncRequest{ - SourcePositions: []int64{0, 1}, + SourcePositions: []int64{1, 2}, Revisions: []string{"rev1", "rev2"}, } @@ -3029,6 +3048,8 @@ func TestServer_ResolveSourceRevisions_SingleSource(t *testing.T) { } func Test_RevisionMetadata(t *testing.T) { + t.Parallel() + singleSourceApp := newTestApp() singleSourceApp.Name = "single-source-app" singleSourceApp.Spec = appv1.ApplicationSpec{ @@ -3088,19 +3109,19 @@ func Test_RevisionMetadata(t *testing.T) { { name: "single-source app without history, no source index, missing version ID", multiSource: false, - versionId: pointer.Int32(999), - expectErrorContains: pointer.String("the app has no history"), + versionId: ptr.To(int32(999)), + expectErrorContains: ptr.To("the app has no history"), }, { name: "single source app without history, present source index, no version ID", multiSource: false, - sourceIndex: pointer.Int32(0), + sourceIndex: ptr.To(int32(0)), }, { name: "single source app without history, invalid source index, no version ID", multiSource: false, - sourceIndex: pointer.Int32(999), - expectErrorContains: pointer.String("source index 999 not found"), + sourceIndex: ptr.To(int32(999)), + expectErrorContains: ptr.To("source index 999 not found"), }, { name: "single source app with matching history, no source index, no version ID", @@ -3111,14 +3132,14 @@ func Test_RevisionMetadata(t *testing.T) { name: "single source app with matching history, no source index, missing version ID", multiSource: false, history: &struct{ matchesSourceType bool }{true}, - versionId: pointer.Int32(999), - expectErrorContains: pointer.String("history not found for version ID 999"), + versionId: ptr.To(int32(999)), + expectErrorContains: ptr.To("history not found for version ID 999"), }, { name: "single source app with matching history, no source index, present version ID", multiSource: false, history: &struct{ matchesSourceType bool }{true}, - versionId: pointer.Int32(1), + versionId: ptr.To(int32(1)), }, { name: "single source app with multi-source history, no source index, no version ID", @@ -3129,37 +3150,37 @@ func Test_RevisionMetadata(t *testing.T) { name: "single source app with multi-source history, no source index, missing version ID", multiSource: false, history: &struct{ matchesSourceType bool }{false}, - versionId: pointer.Int32(999), - expectErrorContains: pointer.String("history not found for version ID 999"), + versionId: ptr.To(int32(999)), + expectErrorContains: ptr.To("history not found for version ID 999"), }, { name: "single source app with multi-source history, no source index, present version ID", multiSource: false, history: &struct{ matchesSourceType bool }{false}, - versionId: pointer.Int32(1), + versionId: ptr.To(int32(1)), }, { name: "single-source app with multi-source history, source index 1, no version ID", multiSource: false, - sourceIndex: pointer.Int32(1), + sourceIndex: ptr.To(int32(1)), history: &struct{ matchesSourceType bool }{false}, // Since the user requested source index 1, but no version ID, we'll get an error when looking at the live // source, because the live source is single-source. - expectErrorContains: pointer.String("there is only 1 source"), + expectErrorContains: ptr.To("there is only 1 source"), }, { name: "single-source app with multi-source history, invalid source index, no version ID", multiSource: false, - sourceIndex: pointer.Int32(999), + sourceIndex: ptr.To(int32(999)), history: &struct{ matchesSourceType bool }{false}, - expectErrorContains: pointer.String("source index 999 not found"), + expectErrorContains: ptr.To("source index 999 not found"), }, { name: "single-source app with multi-source history, valid source index, present version ID", multiSource: false, - sourceIndex: pointer.Int32(1), + sourceIndex: ptr.To(int32(1)), history: &struct{ matchesSourceType bool }{false}, - versionId: pointer.Int32(1), + versionId: ptr.To(int32(1)), }, { name: "multi-source app without history, no source index, no version ID", @@ -3168,19 +3189,19 @@ func Test_RevisionMetadata(t *testing.T) { { name: "multi-source app without history, no source index, missing version ID", multiSource: true, - versionId: pointer.Int32(999), - expectErrorContains: pointer.String("the app has no history"), + versionId: ptr.To(int32(999)), + expectErrorContains: ptr.To("the app has no history"), }, { name: "multi-source app without history, present source index, no version ID", multiSource: true, - sourceIndex: pointer.Int32(1), + sourceIndex: ptr.To(int32(1)), }, { name: "multi-source app without history, invalid source index, no version ID", multiSource: true, - sourceIndex: pointer.Int32(999), - expectErrorContains: pointer.String("source index 999 not found"), + sourceIndex: ptr.To(int32(999)), + expectErrorContains: ptr.To("source index 999 not found"), }, { name: "multi-source app with matching history, no source index, no version ID", @@ -3191,14 +3212,14 @@ func Test_RevisionMetadata(t *testing.T) { name: "multi-source app with matching history, no source index, missing version ID", multiSource: true, history: &struct{ matchesSourceType bool }{true}, - versionId: pointer.Int32(999), - expectErrorContains: pointer.String("history not found for version ID 999"), + versionId: ptr.To(int32(999)), + expectErrorContains: ptr.To("history not found for version ID 999"), }, { name: "multi-source app with matching history, no source index, present version ID", multiSource: true, history: &struct{ matchesSourceType bool }{true}, - versionId: pointer.Int32(1), + versionId: ptr.To(int32(1)), }, { name: "multi-source app with single-source history, no source index, no version ID", @@ -3209,51 +3230,53 @@ func Test_RevisionMetadata(t *testing.T) { name: "multi-source app with single-source history, no source index, missing version ID", multiSource: true, history: &struct{ matchesSourceType bool }{false}, - versionId: pointer.Int32(999), - expectErrorContains: pointer.String("history not found for version ID 999"), + versionId: ptr.To(int32(999)), + expectErrorContains: ptr.To("history not found for version ID 999"), }, { name: "multi-source app with single-source history, no source index, present version ID", multiSource: true, history: &struct{ matchesSourceType bool }{false}, - versionId: pointer.Int32(1), + versionId: ptr.To(int32(1)), }, { name: "multi-source app with single-source history, source index 1, no version ID", multiSource: true, - sourceIndex: pointer.Int32(1), + sourceIndex: ptr.To(int32(1)), history: &struct{ matchesSourceType bool }{false}, }, { name: "multi-source app with single-source history, invalid source index, no version ID", multiSource: true, - sourceIndex: pointer.Int32(999), + sourceIndex: ptr.To(int32(999)), history: &struct{ matchesSourceType bool }{false}, - expectErrorContains: pointer.String("source index 999 not found"), + expectErrorContains: ptr.To("source index 999 not found"), }, { name: "multi-source app with single-source history, valid source index, present version ID", multiSource: true, - sourceIndex: pointer.Int32(0), + sourceIndex: ptr.To(int32(0)), history: &struct{ matchesSourceType bool }{false}, - versionId: pointer.Int32(1), + versionId: ptr.To(int32(1)), }, { name: "multi-source app with single-source history, source index 1, present version ID", multiSource: true, - sourceIndex: pointer.Int32(1), + sourceIndex: ptr.To(int32(1)), history: &struct{ matchesSourceType bool }{false}, - versionId: pointer.Int32(1), - expectErrorContains: pointer.String("source index 1 not found"), + versionId: ptr.To(int32(1)), + expectErrorContains: ptr.To("source index 1 not found"), }, } for _, tc := range testCases { tcc := tc t.Run(tcc.name, func(t *testing.T) { - app := singleSourceApp + t.Parallel() + + app := singleSourceApp.DeepCopy() if tcc.multiSource { - app = multiSourceApp + app = multiSourceApp.DeepCopy() } if tcc.history != nil { if tcc.history.matchesSourceType { @@ -3274,8 +3297,8 @@ func Test_RevisionMetadata(t *testing.T) { s := newTestAppServer(t, app) request := &application.RevisionMetadataQuery{ - Name: pointer.String(app.Name), - Revision: pointer.String("HEAD"), + Name: ptr.To(app.Name), + Revision: ptr.To("HEAD"), SourceIndex: tcc.sourceIndex, VersionId: tcc.versionId, } diff --git a/server/application/logs.go b/server/application/logs.go index 93860a8eb0bf6..b52eef81e2e77 100644 --- a/server/application/logs.go +++ b/server/application/logs.go @@ -59,8 +59,6 @@ func mergeLogStreams(streams []chan logEntry, bufferingDuration time.Duration) c // buffer of received log entries for each stream entriesPerStream := make([][]logEntry, len(streams)) process := make(chan struct{}) - signalToCloseMergedChannel := make(chan logEntry) - ticker := time.NewTicker(bufferingDuration) var lock sync.Mutex streamsCount := int32(len(streams)) @@ -112,34 +110,32 @@ func mergeLogStreams(streams []chan logEntry, bufferingDuration time.Duration) c } } lock.Unlock() - if isSignalToCloseMergedChannel(signalToCloseMergedChannel) && isChannelClosed(merged) { - return len(entries) > 0 - } - for i := range entries { merged <- entries[i] } - - if isSignalToCloseMergedChannel(signalToCloseMergedChannel) && !isChannelClosed(merged) { - close(merged) - ticker.Stop() - } return len(entries) > 0 } var sentAtLock sync.Mutex var sentAt time.Time + ticker := time.NewTicker(bufferingDuration) + done := make(chan struct{}) go func() { - for range ticker.C { - sentAtLock.Lock() - // waited long enough for logs from each streams, send everything accumulated - if sentAt.Add(bufferingDuration).Before(time.Now()) { - _ = send(true) - sentAt = time.Now() - } + for { + select { + case <-done: + return + case <-ticker.C: + sentAtLock.Lock() + // waited long enough for logs from each streams, send everything accumulated + if sentAt.Add(bufferingDuration).Before(time.Now()) { + _ = send(true) + sentAt = time.Now() + } - sentAtLock.Unlock() + sentAtLock.Unlock() + } } }() @@ -154,20 +150,13 @@ func mergeLogStreams(streams []chan logEntry, bufferingDuration time.Duration) c _ = send(true) - close(signalToCloseMergedChannel) + ticker.Stop() + // ticker.Stop() does not close the channel, and it does not wait for the channel to be drained. So we need to + // explicitly prevent the gorountine from leaking by closing the channel. We also need to prevent the goroutine + // from calling `send` again, because `send` pushes to the `merged` channel which we're about to close. + // This describes the approach nicely: https://stackoverflow.com/questions/17797754/ticker-stop-behaviour-in-golang + done <- struct{}{} + close(merged) }() return merged } - -func isChannelClosed(channel chan logEntry) bool { - ok := true - select { - case _, ok = <-channel: - default: - } - return !ok -} - -func isSignalToCloseMergedChannel(channel chan logEntry) bool { - return isChannelClosed(channel) -} diff --git a/server/application/logs_test.go b/server/application/logs_test.go index bc65efe04aa44..7a565e37efa79 100644 --- a/server/application/logs_test.go +++ b/server/application/logs_test.go @@ -76,20 +76,32 @@ func TestMergeLogStreams(t *testing.T) { assert.Equal(t, []string{"1", "2", "3", "4"}, lines) } -func TestIsChannelClosed(t *testing.T) { - channel := make(chan logEntry) - ok := isChannelClosed(channel) - assert.False(t, ok) - close(channel) - ok = isChannelClosed(channel) - assert.True(t, ok) -} - -func TestIsSignalToCloseMergedChannel(t *testing.T) { - channel := make(chan logEntry) - ok := isSignalToCloseMergedChannel(channel) - assert.False(t, ok) - close(channel) - ok = isSignalToCloseMergedChannel(channel) - assert.True(t, ok) +func TestMergeLogStreams_RaceCondition(t *testing.T) { + // Test for regression of this issue: https://github.com/argoproj/argo-cd/issues/7006 + for i := 0; i < 5000; i++ { + first := make(chan logEntry) + second := make(chan logEntry) + + go func() { + parseLogsStream("first", io.NopCloser(strings.NewReader(`2021-02-09T00:00:01Z 1`)), first) + time.Sleep(time.Duration(i%3) * time.Millisecond) + close(first) + }() + + go func() { + parseLogsStream("second", io.NopCloser(strings.NewReader(`2021-02-09T00:00:02Z 2`)), second) + time.Sleep(time.Duration((i+1)%3) * time.Millisecond) + close(second) + }() + + merged := mergeLogStreams([]chan logEntry{first, second}, 1*time.Millisecond) + + // Drain the channel + for range merged { + } + + // This test intentionally doesn't test the order of the output. Under these intense conditions, the test would + // fail often due to out of order entries. This test is only meant to reproduce a race between a channel writer + // and channel closer. + } } diff --git a/server/application/mocks/Broadcaster.go b/server/application/mocks/Broadcaster.go index 4ad9c7cfec2d4..2e5f13bd88c8b 100644 --- a/server/application/mocks/Broadcaster.go +++ b/server/application/mocks/Broadcaster.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.42.1. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/server/application/terminal.go b/server/application/terminal.go index 0f454467ec5df..e6ddc6d832df3 100644 --- a/server/application/terminal.go +++ b/server/application/terminal.go @@ -33,29 +33,32 @@ import ( type terminalHandler struct { appLister applisters.ApplicationLister db db.ArgoDB - enf *rbac.Enforcer cache *servercache.Cache appResourceTreeFn func(ctx context.Context, app *appv1.Application) (*appv1.ApplicationTree, error) allowedShells []string namespace string enabledNamespaces []string sessionManager *util_session.SessionManager + terminalOptions *TerminalOptions +} + +type TerminalOptions struct { + DisableAuth bool + Enf *rbac.Enforcer } // NewHandler returns a new terminal handler. -func NewHandler(appLister applisters.ApplicationLister, namespace string, enabledNamespaces []string, db db.ArgoDB, enf *rbac.Enforcer, cache *servercache.Cache, - appResourceTree AppResourceTreeFn, allowedShells []string, sessionManager *util_session.SessionManager, -) *terminalHandler { +func NewHandler(appLister applisters.ApplicationLister, namespace string, enabledNamespaces []string, db db.ArgoDB, cache *servercache.Cache, appResourceTree AppResourceTreeFn, allowedShells []string, sessionManager *sessionmgr.SessionManager, terminalOptions *TerminalOptions) *terminalHandler { return &terminalHandler{ appLister: appLister, db: db, - enf: enf, cache: cache, appResourceTreeFn: appResourceTree, allowedShells: allowedShells, namespace: namespace, enabledNamespaces: enabledNamespaces, sessionManager: sessionManager, + terminalOptions: terminalOptions, } } @@ -146,12 +149,12 @@ func (s *terminalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { ctx := r.Context() appRBACName := security.RBACName(s.namespace, project, appNamespace, app) - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, appRBACName); err != nil { + if err := s.terminalOptions.Enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, appRBACName); err != nil { http.Error(w, err.Error(), http.StatusUnauthorized) return } - if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceExec, rbacpolicy.ActionCreate, appRBACName); err != nil { + if err := s.terminalOptions.Enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceExec, rbacpolicy.ActionCreate, appRBACName); err != nil { http.Error(w, err.Error(), http.StatusUnauthorized) return } @@ -229,7 +232,7 @@ func (s *terminalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { fieldLog.Info("terminal session starting") - session, err := newTerminalSession(ctx, w, r, nil, s.sessionManager, appRBACName, s.enf) + session, err := newTerminalSession(ctx, w, r, nil, s.sessionManager, appRBACName, s.terminalOptions) if err != nil { http.Error(w, "Failed to start terminal session", http.StatusBadRequest) return diff --git a/server/application/websocket.go b/server/application/websocket.go index d6057cae7957f..86c85749d803b 100644 --- a/server/application/websocket.go +++ b/server/application/websocket.go @@ -8,10 +8,8 @@ import ( "sync" "time" - "github.com/argoproj/argo-cd/v2/server/rbacpolicy" - "github.com/argoproj/argo-cd/v2/util/rbac" - "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/server/rbacpolicy" httputil "github.com/argoproj/argo-cd/v2/util/http" util_session "github.com/argoproj/argo-cd/v2/util/session" @@ -46,7 +44,7 @@ type terminalSession struct { sessionManager *util_session.SessionManager token *string appRBACName string - enf *rbac.Enforcer + terminalOpts *TerminalOptions } // getToken get auth token from web socket request @@ -56,7 +54,7 @@ func getToken(r *http.Request) (string, error) { } // newTerminalSession create terminalSession -func newTerminalSession(ctx context.Context, w http.ResponseWriter, r *http.Request, responseHeader http.Header, sessionManager *util_session.SessionManager, appRBACName string, enf *rbac.Enforcer) (*terminalSession, error) { +func newTerminalSession(ctx context.Context, w http.ResponseWriter, r *http.Request, responseHeader http.Header, sessionManager *util_session.SessionManager, appRBACName string, terminalOpts *TerminalOptions) (*terminalSession, error) { token, err := getToken(r) if err != nil { return nil, err @@ -75,7 +73,7 @@ func newTerminalSession(ctx context.Context, w http.ResponseWriter, r *http.Requ sessionManager: sessionManager, token: &token, appRBACName: appRBACName, - enf: enf, + terminalOpts: terminalOpts, } return session, nil } @@ -141,7 +139,7 @@ func (t *terminalSession) validatePermissions(p []byte) (int, error) { Operation: "stdout", Data: "Permission denied", }) - if err := t.enf.EnforceErr(t.ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, t.appRBACName); err != nil { + if err := t.terminalOpts.Enf.EnforceErr(t.ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, t.appRBACName); err != nil { err = t.wsConn.WriteMessage(websocket.TextMessage, permissionDeniedMessage) if err != nil { log.Errorf("permission denied message err: %v", err) @@ -149,7 +147,7 @@ func (t *terminalSession) validatePermissions(p []byte) (int, error) { return copy(p, EndOfTransmission), permissionDeniedErr } - if err := t.enf.EnforceErr(t.ctx.Value("claims"), rbacpolicy.ResourceExec, rbacpolicy.ActionCreate, t.appRBACName); err != nil { + if err := t.terminalOpts.Enf.EnforceErr(t.ctx.Value("claims"), rbacpolicy.ResourceExec, rbacpolicy.ActionCreate, t.appRBACName); err != nil { err = t.wsConn.WriteMessage(websocket.TextMessage, permissionDeniedMessage) if err != nil { log.Errorf("permission denied message err: %v", err) @@ -159,8 +157,12 @@ func (t *terminalSession) validatePermissions(p []byte) (int, error) { return 0, nil } -// Read called in a loop from remotecommand as long as the process is running -func (t *terminalSession) Read(p []byte) (int, error) { +func (t *terminalSession) performValidationsAndReconnect(p []byte) (int, error) { + // In disable auth mode, no point verifying the token or validating permissions + if t.terminalOpts.DisableAuth { + return 0, nil + } + // check if token still valid _, newToken, err := t.sessionManager.VerifyToken(*t.token) // err in case if token is revoked, newToken in case if refresh happened @@ -168,13 +170,21 @@ func (t *terminalSession) Read(p []byte) (int, error) { // need to send reconnect code in case if token was refreshed return t.reconnect() } - - // validate permissions code, err := t.validatePermissions(p) if err != nil { return code, err } + return 0, nil +} + +// Read called in a loop from remotecommand as long as the process is running +func (t *terminalSession) Read(p []byte) (int, error) { + code, err := t.performValidationsAndReconnect(p) + if err != nil { + return code, err + } + t.readLock.Lock() _, message, err := t.wsConn.ReadMessage() t.readLock.Unlock() diff --git a/server/application/websocket_test.go b/server/application/websocket_test.go index 5b6f903d48f27..0d048a1727d1b 100644 --- a/server/application/websocket_test.go +++ b/server/application/websocket_test.go @@ -85,6 +85,45 @@ func TestReconnect(t *testing.T) { assert.Equal(t, ReconnectMessage, message.Data) } +func testServerConnection(t *testing.T, testFunc func(w http.ResponseWriter, r *http.Request), expectPermissionDenied bool) { + s := httptest.NewServer(http.HandlerFunc(testFunc)) + defer s.Close() + + u := "ws" + strings.TrimPrefix(s.URL, "http") + + // Connect to the server + ws, _, err := websocket.DefaultDialer.Dial(u, nil) + require.NoError(t, err) + + defer ws.Close() + if expectPermissionDenied { + _, p, _ := ws.ReadMessage() + + var message TerminalMessage + + err = json.Unmarshal(p, &message) + + require.NoError(t, err) + assert.Equal(t, "Permission denied", message.Data) + } +} + +func TestVerifyAndReconnectDisableAuthTrue(t *testing.T) { + validate := func(w http.ResponseWriter, r *http.Request) { + ts := newTestTerminalSession(w, r) + // Currently testing only the usecase of disableAuth: true since the disableAuth: false case + // requires a valid token to be passed in the request. + // Note that running with disableAuth: false will surprisingly succeed as well, because + // the underlying token nil pointer dereference is swallowed in a location I didn't find, + // or even swallowed by the test framework. + ts.terminalOpts = &TerminalOptions{DisableAuth: true} + code, err := ts.performValidationsAndReconnect([]byte{}) + assert.Equal(t, 0, code) + require.NoError(t, err) + } + testServerConnection(t, validate, false) +} + func TestValidateWithAdminPermissions(t *testing.T) { validate := func(w http.ResponseWriter, r *http.Request) { enf := newEnforcer() @@ -94,7 +133,7 @@ func TestValidateWithAdminPermissions(t *testing.T) { return true }) ts := newTestTerminalSession(w, r) - ts.enf = enf + ts.terminalOpts = &TerminalOptions{Enf: enf} ts.appRBACName = "test" // nolint:staticcheck ts.ctx = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"admin"}}) @@ -102,16 +141,7 @@ func TestValidateWithAdminPermissions(t *testing.T) { require.NoError(t, err) } - s := httptest.NewServer(http.HandlerFunc(validate)) - defer s.Close() - - u := "ws" + strings.TrimPrefix(s.URL, "http") - - // Connect to the server - ws, _, err := websocket.DefaultDialer.Dial(u, nil) - require.NoError(t, err) - - defer ws.Close() + testServerConnection(t, validate, false) } func TestValidateWithoutPermissions(t *testing.T) { @@ -123,7 +153,7 @@ func TestValidateWithoutPermissions(t *testing.T) { return false }) ts := newTestTerminalSession(w, r) - ts.enf = enf + ts.terminalOpts = &TerminalOptions{Enf: enf} ts.appRBACName = "test" // nolint:staticcheck ts.ctx = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"test"}}) @@ -132,23 +162,5 @@ func TestValidateWithoutPermissions(t *testing.T) { assert.Equal(t, permissionDeniedErr.Error(), err.Error()) } - s := httptest.NewServer(http.HandlerFunc(validate)) - defer s.Close() - - u := "ws" + strings.TrimPrefix(s.URL, "http") - - // Connect to the server - ws, _, err := websocket.DefaultDialer.Dial(u, nil) - require.NoError(t, err) - - defer ws.Close() - - _, p, _ := ws.ReadMessage() - - var message TerminalMessage - - err = json.Unmarshal(p, &message) - - require.NoError(t, err) - assert.Equal(t, "Permission denied", message.Data) + testServerConnection(t, validate, true) } diff --git a/server/applicationset/applicationset.go b/server/applicationset/applicationset.go index 5f2b7508b9a2e..259b59c911321 100644 --- a/server/applicationset/applicationset.go +++ b/server/applicationset/applicationset.go @@ -1,6 +1,7 @@ package applicationset import ( + "bytes" "context" "fmt" "reflect" @@ -17,18 +18,26 @@ import ( apierr "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" + "sigs.k8s.io/controller-runtime/pkg/client" + appsettemplate "github.com/argoproj/argo-cd/v2/applicationset/controllers/template" + "github.com/argoproj/argo-cd/v2/applicationset/generators" + "github.com/argoproj/argo-cd/v2/applicationset/services" + appsetstatus "github.com/argoproj/argo-cd/v2/applicationset/status" appsetutils "github.com/argoproj/argo-cd/v2/applicationset/utils" "github.com/argoproj/argo-cd/v2/pkg/apiclient/applicationset" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" + repoapiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/server/rbacpolicy" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/collections" "github.com/argoproj/argo-cd/v2/util/db" + "github.com/argoproj/argo-cd/v2/util/github_app" "github.com/argoproj/argo-cd/v2/util/rbac" "github.com/argoproj/argo-cd/v2/util/security" "github.com/argoproj/argo-cd/v2/util/session" @@ -36,24 +45,36 @@ import ( ) type Server struct { - ns string - db db.ArgoDB - enf *rbac.Enforcer - appclientset appclientset.Interface - appsetInformer cache.SharedIndexInformer - appsetLister applisters.ApplicationSetLister - projLister applisters.AppProjectNamespaceLister - auditLogger *argo.AuditLogger - settings *settings.SettingsManager - projectLock sync.KeyLock - enabledNamespaces []string + ns string + db db.ArgoDB + enf *rbac.Enforcer + k8sClient kubernetes.Interface + dynamicClient dynamic.Interface + client client.Client + repoClientSet repoapiclient.Clientset + appclientset appclientset.Interface + appsetInformer cache.SharedIndexInformer + appsetLister applisters.ApplicationSetLister + projLister applisters.AppProjectNamespaceLister + auditLogger *argo.AuditLogger + settings *settings.SettingsManager + projectLock sync.KeyLock + enabledNamespaces []string + GitSubmoduleEnabled bool + EnableNewGitFileGlobbing bool + ScmRootCAPath string + AllowedScmProviders []string + EnableScmProviders bool } // NewServer returns a new instance of the ApplicationSet service func NewServer( db db.ArgoDB, kubeclientset kubernetes.Interface, + dynamicClientset dynamic.Interface, + kubeControllerClientset client.Client, enf *rbac.Enforcer, + repoClientSet repoapiclient.Clientset, appclientset appclientset.Interface, appsetInformer cache.SharedIndexInformer, appsetLister applisters.ApplicationSetLister, @@ -62,19 +83,34 @@ func NewServer( namespace string, projectLock sync.KeyLock, enabledNamespaces []string, + gitSubmoduleEnabled bool, + enableNewGitFileGlobbing bool, + scmRootCAPath string, + allowedScmProviders []string, + enableScmProviders bool, + enableK8sEvent []string, ) applicationset.ApplicationSetServiceServer { s := &Server{ - ns: namespace, - db: db, - enf: enf, - appclientset: appclientset, - appsetInformer: appsetInformer, - appsetLister: appsetLister, - projLister: projLister, - settings: settings, - projectLock: projectLock, - auditLogger: argo.NewAuditLogger(namespace, kubeclientset, "argocd-server"), - enabledNamespaces: enabledNamespaces, + ns: namespace, + db: db, + enf: enf, + dynamicClient: dynamicClientset, + client: kubeControllerClientset, + k8sClient: kubeclientset, + repoClientSet: repoClientSet, + appclientset: appclientset, + appsetInformer: appsetInformer, + appsetLister: appsetLister, + projLister: projLister, + settings: settings, + projectLock: projectLock, + auditLogger: argo.NewAuditLogger(namespace, kubeclientset, "argocd-server", enableK8sEvent), + enabledNamespaces: enabledNamespaces, + GitSubmoduleEnabled: gitSubmoduleEnabled, + EnableNewGitFileGlobbing: enableNewGitFileGlobbing, + ScmRootCAPath: scmRootCAPath, + AllowedScmProviders: allowedScmProviders, + EnableScmProviders: enableScmProviders, } return s } @@ -151,7 +187,7 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre return nil, fmt.Errorf("error creating ApplicationSets: ApplicationSets is nil in request") } - projectName, err := s.validateAppSet(ctx, appset) + projectName, err := s.validateAppSet(appset) if err != nil { return nil, fmt.Errorf("error validating ApplicationSets: %w", err) } @@ -166,6 +202,23 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre return nil, fmt.Errorf("error checking create permissions for ApplicationSets %s : %w", appset.Name, err) } + if q.GetDryRun() { + apps, err := s.generateApplicationSetApps(ctx, log.WithField("applicationset", appset.Name), *appset, namespace) + if err != nil { + return nil, fmt.Errorf("unable to generate Applications of ApplicationSet: %w", err) + } + + statusMap := appsetstatus.GetResourceStatusMap(appset) + statusMap = appsetstatus.BuildResourceStatus(statusMap, apps) + + statuses := []v1alpha1.ResourceStatus{} + for _, status := range statusMap { + statuses = append(statuses, status) + } + appset.Status.Resources = statuses + return appset, nil + } + s.projectLock.RLock(projectName) defer s.projectLock.RUnlock(projectName) @@ -209,6 +262,28 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre return updated, nil } +func (s *Server) generateApplicationSetApps(ctx context.Context, logEntry *log.Entry, appset v1alpha1.ApplicationSet, namespace string) ([]v1alpha1.Application, error) { + argoCDDB := s.db + + scmConfig := generators.NewSCMConfig(s.ScmRootCAPath, s.AllowedScmProviders, s.EnableScmProviders, github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB))) + + getRepository := func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { + return s.db.GetRepository(ctx, url, project) + } + argoCDService, err := services.NewArgoCDService(getRepository, s.GitSubmoduleEnabled, s.repoClientSet, s.EnableNewGitFileGlobbing) + if err != nil { + return nil, fmt.Errorf("error creating ArgoCDService: %w", err) + } + + appSetGenerators := generators.GetGenerators(ctx, s.client, s.k8sClient, namespace, argoCDService, s.dynamicClient, scmConfig) + + apps, _, err := appsettemplate.GenerateApplications(logEntry, appset, appSetGenerators, &appsetutils.Render{}, s.client) + if err != nil { + return nil, fmt.Errorf("error generating applications: %w", err) + } + return apps, nil +} + func (s *Server) updateAppSet(appset *v1alpha1.ApplicationSet, newAppset *v1alpha1.ApplicationSet, ctx context.Context, merge bool) (*v1alpha1.ApplicationSet, error) { if appset != nil && appset.Spec.Template.Spec.Project != newAppset.Spec.Template.Spec.Project { // When changing projects, caller must have applicationset create and update privileges in new project @@ -288,10 +363,44 @@ func (s *Server) ResourceTree(ctx context.Context, q *applicationset.Application return nil, err } - return s.buildApplicationSetTree(ctx, a) + return s.buildApplicationSetTree(a) +} + +func (s *Server) Generate(ctx context.Context, q *applicationset.ApplicationSetGenerateRequest) (*applicationset.ApplicationSetGenerateResponse, error) { + appset := q.GetApplicationSet() + + if appset == nil { + return nil, fmt.Errorf("error creating ApplicationSets: ApplicationSets is nil in request") + } + namespace := s.appsetNamespaceOrDefault(appset.Namespace) + + if !s.isNamespaceEnabled(namespace) { + return nil, security.NamespaceNotPermittedError(namespace) + } + projectName, err := s.validateAppSet(appset) + if err != nil { + return nil, fmt.Errorf("error validating ApplicationSets: %w", err) + } + if err := s.checkCreatePermissions(ctx, appset, projectName); err != nil { + return nil, fmt.Errorf("error checking create permissions for ApplicationSets %s : %w", appset.Name, err) + } + + logs := bytes.NewBuffer(nil) + logger := log.New() + logger.SetOutput(logs) + + apps, err := s.generateApplicationSetApps(ctx, logger.WithField("applicationset", appset.Name), *appset, namespace) + if err != nil { + return nil, fmt.Errorf("unable to generate Applications of ApplicationSet: %w\n%s", err, logs.String()) + } + res := &applicationset.ApplicationSetGenerateResponse{} + for i := range apps { + res.Applications = append(res.Applications, &apps[i]) + } + return res, nil } -func (s *Server) buildApplicationSetTree(ctx context.Context, a *v1alpha1.ApplicationSet) (*v1alpha1.ApplicationSetTree, error) { +func (s *Server) buildApplicationSetTree(a *v1alpha1.ApplicationSet) (*v1alpha1.ApplicationSetTree, error) { var tree v1alpha1.ApplicationSetTree gvk := v1alpha1.ApplicationSetSchemaGroupVersionKind @@ -318,7 +427,7 @@ func (s *Server) buildApplicationSetTree(ctx context.Context, a *v1alpha1.Applic return &tree, nil } -func (s *Server) validateAppSet(ctx context.Context, appset *v1alpha1.ApplicationSet) (string, error) { +func (s *Server) validateAppSet(appset *v1alpha1.ApplicationSet) (string, error) { if appset == nil { return "", fmt.Errorf("ApplicationSet cannot be validated for nil value") } diff --git a/server/applicationset/applicationset.proto b/server/applicationset/applicationset.proto index 07ed4e2c89384..8d1cb74a764b0 100644 --- a/server/applicationset/applicationset.proto +++ b/server/applicationset/applicationset.proto @@ -37,6 +37,7 @@ message ApplicationSetResponse { message ApplicationSetCreateRequest { github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSet applicationset = 1; bool upsert = 2; + bool dryRun = 3; } @@ -52,14 +53,32 @@ message ApplicationSetTreeQuery { string appsetNamespace = 2; } +// ApplicationSetGetQuery is a query for applicationset resources +message ApplicationSetGenerateRequest { + // the applicationsets + github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSet applicationSet = 1; +} + +// ApplicationSetGenerateResponse is a response for applicationset generate request +message ApplicationSetGenerateResponse { + repeated github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Application applications = 1; +} + // ApplicationSetService service ApplicationSetService { - // Get returns an applicationset by name rpc Get (ApplicationSetGetQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSet) { option (google.api.http).get = "/api/v1/applicationsets/{name}"; } + // Generate generates + rpc Generate (ApplicationSetGenerateRequest) returns (ApplicationSetGenerateResponse) { + option (google.api.http) = { + post: "/api/v1/applicationsets/generate" + body: "*" + }; + } + //List returns list of applicationset rpc List (ApplicationSetListQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetList) { option (google.api.http).get = "/api/v1/applicationsets"; diff --git a/server/applicationset/applicationset_test.go b/server/applicationset/applicationset_test.go index da8c980fdd4e5..0b83dfa2c4c90 100644 --- a/server/applicationset/applicationset_test.go +++ b/server/applicationset/applicationset_test.go @@ -2,6 +2,7 @@ package applicationset import ( "context" + "sort" "testing" "github.com/argoproj/gitops-engine/pkg/health" @@ -9,6 +10,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/fake" @@ -20,6 +22,7 @@ import ( apps "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" appinformer "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions" "github.com/argoproj/argo-cd/v2/server/rbacpolicy" + "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/assets" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/errors" @@ -32,6 +35,8 @@ const ( fakeRepoURL = "https://git.com/repo.git" ) +var testEnableEventList []string = argo.DefaultEnableEventList() + func fakeRepo() *appsv1.Repository { return &appsv1.Repository{ Repo: fakeRepoURL, @@ -143,7 +148,10 @@ func newTestAppSetServerWithEnforcerConfigure(f func(*rbac.Enforcer), namespace server := NewServer( db, kubeclientset, + nil, + nil, enforcer, + nil, fakeAppsClientset, appInformer, factory.Argoproj().V1alpha1().ApplicationSets().Lister(), @@ -152,6 +160,12 @@ func newTestAppSetServerWithEnforcerConfigure(f func(*rbac.Enforcer), namespace testNamespace, sync.NewKeyLock(), []string{testNamespace, "external-namespace"}, + true, + true, + "", + []string{}, + true, + testEnableEventList, ) return server.(*Server) } @@ -358,6 +372,60 @@ func TestCreateAppSetWrongNamespace(t *testing.T) { assert.Equal(t, "namespace 'NOT-ALLOWED' is not permitted", err.Error()) } +func TestCreateAppSetDryRun(t *testing.T) { + testAppSet := newTestAppSet() + appServer := newTestAppSetServer() + testAppSet.Spec.Template.Name = "{{name}}" + testAppSet.Spec.Generators = []appsv1.ApplicationSetGenerator{ + { + List: &appsv1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{Raw: []byte(`{"name": "a"}`)}, {Raw: []byte(`{"name": "b"}`)}}, + }, + }, + } + createReq := applicationset.ApplicationSetCreateRequest{ + Applicationset: testAppSet, + DryRun: true, + } + result, err := appServer.Create(context.Background(), &createReq) + + require.NoError(t, err) + assert.Len(t, result.Status.Resources, 2) + + // Sort resulting application by name + sort.Slice(result.Status.Resources, func(i, j int) bool { + return result.Status.Resources[i].Name < result.Status.Resources[j].Name + }) + + assert.Equal(t, "a", result.Status.Resources[0].Name) + assert.Equal(t, testAppSet.Namespace, result.Status.Resources[0].Namespace) + assert.Equal(t, "b", result.Status.Resources[1].Name) + assert.Equal(t, testAppSet.Namespace, result.Status.Resources[1].Namespace) +} + +func TestCreateAppSetDryRunWithDuplicate(t *testing.T) { + testAppSet := newTestAppSet() + appServer := newTestAppSetServer() + testAppSet.Spec.Template.Name = "{{name}}" + testAppSet.Spec.Generators = []appsv1.ApplicationSetGenerator{ + { + List: &appsv1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{Raw: []byte(`{"name": "a"}`)}, {Raw: []byte(`{"name": "a"}`)}}, + }, + }, + } + createReq := applicationset.ApplicationSetCreateRequest{ + Applicationset: testAppSet, + DryRun: true, + } + result, err := appServer.Create(context.Background(), &createReq) + + require.NoError(t, err) + assert.Len(t, result.Status.Resources, 1) + assert.Equal(t, "a", result.Status.Resources[0].Name) + assert.Equal(t, testAppSet.Namespace, result.Status.Resources[0].Namespace) +} + func TestGetAppSet(t *testing.T) { appSet1 := newTestAppSet(func(appset *appsv1.ApplicationSet) { appset.Name = "AppSet1" diff --git a/server/cache/cache.go b/server/cache/cache.go index b22491c0ad6b9..cc0e9a077bbb5 100644 --- a/server/cache/cache.go +++ b/server/cache/cache.go @@ -69,6 +69,16 @@ func (c *Cache) SetRepoConnectionState(repo string, project string, state *appv1 return c.cache.SetItem(repoConnectionStateKey(repo, project), &state, c.connectionStatusCacheExpiration, state == nil) } +func repoConnectionStateKey(repo string, project string) string { + return fmt.Sprintf("repo|%s|%s|connection-state", repo, project) +} + +func (c *Cache) GetRepoConnectionState(repo string, project string) (appv1.ConnectionState, error) { + res := appv1.ConnectionState{} + err := c.cache.GetItem(repoConnectionStateKey(repo, project), &res) + return res, err +} + func (c *Cache) SetLastApplicationEvent(a *appv1.Application, exp time.Duration) error { return c.cache.SetItem(lastApplicationEventKey(a), a, exp, false) } @@ -96,16 +106,6 @@ func lastResourceEventKey(a *appv1.Application, rs appv1.ResourceStatus, revisio a.Namespace, a.Name, revision, rs.Group, rs.Version, rs.Kind, rs.Name, rs.Namespace) } -func repoConnectionStateKey(repo string, project string) string { - return fmt.Sprintf("repo|%s|%s|connection-state", repo, project) -} - -func (c *Cache) GetRepoConnectionState(repo string, project string) (appv1.ConnectionState, error) { - res := appv1.ConnectionState{} - err := c.cache.GetItem(repoConnectionStateKey(repo, project), &res) - return res, err -} - func (c *Cache) GetClusterInfo(server string, res *appv1.ClusterInfo) error { return c.cache.GetClusterInfo(server, res) } diff --git a/server/cluster/cluster.go b/server/cluster/cluster.go index ed59e90f54f5b..c92600448ed75 100644 --- a/server/cluster/cluster.go +++ b/server/cluster/cluster.go @@ -165,7 +165,7 @@ func (s *Server) Create(ctx context.Context, q *cluster.ClusterCreateRequest) (* } else if q.Upsert { return s.Update(ctx, &cluster.ClusterUpdateRequest{Cluster: c}) } else { - return nil, status.Errorf(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("cluster", existing, c)) + return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("cluster", existing, c)) } } else { return nil, err @@ -471,7 +471,9 @@ func (s *Server) toAPIResponse(clust *appv1.Cluster) *appv1.Cluster { clust.Config.ExecProviderConfig.Args = nil } // populate deprecated fields for backward compatibility + // nolint:staticcheck clust.ServerVersion = clust.Info.ServerVersion + // nolint:staticcheck clust.ConnectionState = clust.Info.ConnectionState return clust } diff --git a/server/deeplinks/deeplinks.go b/server/deeplinks/deeplinks.go index 13d332072ce40..933dcde42decb 100644 --- a/server/deeplinks/deeplinks.go +++ b/server/deeplinks/deeplinks.go @@ -6,8 +6,8 @@ import ( "text/template" "github.com/Masterminds/sprig/v3" - "github.com/antonmedv/expr" "github.com/argoproj/gitops-engine/pkg/utils/kube" + "github.com/expr-lang/expr" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/utils/ptr" @@ -84,45 +84,41 @@ func EvaluateDeepLinksResponse(obj map[string]interface{}, name string, links [] finalLinks := []*application.LinkInfo{} errors := []string{} for _, link := range links { - t, err := template.New("deep-link").Funcs(sprigFuncMap).Parse(link.URL) - if err != nil { - errors = append(errors, fmt.Sprintf("failed to parse link template '%v', error=%v", link.URL, err.Error())) - continue - } - finalURL := bytes.Buffer{} - err = t.Execute(&finalURL, obj) - if err != nil { - errors = append(errors, fmt.Sprintf("failed to evaluate link template '%v' with resource %v, error=%v", link.URL, name, err.Error())) - continue - } if link.Condition != nil { out, err := expr.Eval(*link.Condition, obj) if err != nil { errors = append(errors, fmt.Sprintf("failed to evaluate link condition '%v' with resource %v, error=%v", *link.Condition, name, err.Error())) continue } - switch resOut := out.(type) { + switch condResult := out.(type) { case bool: - if resOut { - finalLinks = append(finalLinks, &application.LinkInfo{ - Title: ptr.To(link.Title), - Url: ptr.To(finalURL.String()), - Description: link.Description, - IconClass: link.IconClass, - }) + if !condResult { + continue } default: errors = append(errors, fmt.Sprintf("link condition '%v' evaluated to non-boolean value for resource %v", *link.Condition, name)) continue } - } else { - finalLinks = append(finalLinks, &application.LinkInfo{ - Title: ptr.To(link.Title), - Url: ptr.To(finalURL.String()), - Description: link.Description, - IconClass: link.IconClass, - }) } + + t, err := template.New("deep-link").Funcs(sprigFuncMap).Parse(link.URL) + if err != nil { + errors = append(errors, fmt.Sprintf("failed to parse link template '%v', error=%v", link.URL, err.Error())) + continue + } + finalURL := bytes.Buffer{} + err = t.Execute(&finalURL, obj) + if err != nil { + errors = append(errors, fmt.Sprintf("failed to evaluate link template '%v' with resource %v, error=%v", link.URL, name, err.Error())) + continue + } + + finalLinks = append(finalLinks, &application.LinkInfo{ + Title: ptr.To(link.Title), + Url: ptr.To(finalURL.String()), + Description: link.Description, + IconClass: link.IconClass, + }) } return &application.LinksResponse{ Items: finalLinks, diff --git a/server/deeplinks/deeplinks_test.go b/server/deeplinks/deeplinks_test.go index 8458a72770f50..217b8b93b7dbe 100644 --- a/server/deeplinks/deeplinks_test.go +++ b/server/deeplinks/deeplinks_test.go @@ -19,6 +19,7 @@ import ( ) type deepLinkTC struct { + name string appObj *unstructured.Unstructured clusterObj *unstructured.Unstructured resourceObj *unstructured.Unstructured @@ -70,6 +71,7 @@ func TestDeepLinks(t *testing.T) { require.NoError(t, err) testTable := []deepLinkTC{ { + name: "link to git repo per cluster", appObj: appObj, resourceObj: resourceObj, projectObj: projectObj, @@ -86,6 +88,7 @@ func TestDeepLinks(t *testing.T) { error: []string{}, }, { + name: "link to git repo per cluster with abbreviated name", appObj: appObj, resourceObj: resourceObj, projectObj: projectObj, @@ -102,6 +105,7 @@ func TestDeepLinks(t *testing.T) { error: []string{}, }, { + name: "condition on missing key", appObj: appObj, resourceObj: resourceObj, projectObj: projectObj, @@ -126,9 +130,10 @@ func TestDeepLinks(t *testing.T) { Title: ptr.To("link"), Url: ptr.To("http://example.com/test&testns"), }}, - error: []string{"failed to evaluate link condition 'application.metadata.test matches \"test\"' with resource test, error=interface conversion: interface {} is nil, not string (1:27)\n | application.metadata.test matches \"test\"\n | ..........................^"}, + error: []string{}, }, { + name: "condition on invalid expression", appObj: appObj, resourceObj: resourceObj, projectObj: projectObj, @@ -151,6 +156,7 @@ func TestDeepLinks(t *testing.T) { error: []string{"link condition '1 + 1' evaluated to non-boolean value for resource test"}, }, { + name: "condition on app and project name", appObj: appObj, resourceObj: resourceObj, projectObj: projectObj, @@ -166,12 +172,38 @@ func TestDeepLinks(t *testing.T) { }}, error: []string{}, }, + { + name: "evaluate template for valid condition", + appObj: appObj, + resourceObj: resourceObj, + projectObj: projectObj, + inputLinks: []settings.DeepLink{ + { + Title: "link", + URL: "http://not-evaluated.com/{{ index \"invalid\" .application.metadata.labels }}", + Condition: ptr.To(`false`), + }, + { + Title: "link", + URL: "http://evaluated.com/{{ index \"invalid\" .application.metadata.labels }}", + Condition: ptr.To(`true`), + }, + }, + outputLinks: []*application.LinkInfo{}, + error: []string{ + "failed to evaluate link template 'http://evaluated.com/{{ index \"invalid\" .application.metadata.labels }}' with resource test, error=template: deep-link:1:24: executing \"deep-link\" at : error calling index: cannot index slice/array with nil", + }, + }, } for _, tc := range testTable { - objs := CreateDeepLinksObject(tc.resourceObj, tc.appObj, tc.clusterObj, tc.projectObj) - output, err := EvaluateDeepLinksResponse(objs, tc.appObj.GetName(), tc.inputLinks) - assert.Equal(t, tc.error, err, strings.Join(err, ",")) - assert.True(t, reflect.DeepEqual(output.Items, tc.outputLinks)) + tcc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + objs := CreateDeepLinksObject(tcc.resourceObj, tcc.appObj, tcc.clusterObj, tcc.projectObj) + output, err := EvaluateDeepLinksResponse(objs, tcc.appObj.GetName(), tcc.inputLinks) + assert.Equal(t, tcc.error, err, strings.Join(err, ",")) + assert.True(t, reflect.DeepEqual(output.Items, tcc.outputLinks)) + }) } } diff --git a/server/extension/extension.go b/server/extension/extension.go index 95dc539a70af1..d28d3aac5dc9f 100644 --- a/server/extension/extension.go +++ b/server/extension/extension.go @@ -22,6 +22,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/security" + "github.com/argoproj/argo-cd/v2/util/session" "github.com/argoproj/argo-cd/v2/util/settings" ) @@ -32,6 +33,12 @@ const ( DefaultIdleConnectionTimeout = 60 * time.Second DefaultMaxIdleConnections = 30 + // HeaderArgoCDNamespace defines the namespace of the + // argo control plane to be passed to the extension handler. + // Example: + // Argocd-Namespace: "namespace" + HeaderArgoCDNamespace = "Argocd-Namespace" + // HeaderArgoCDApplicationName defines the name of the // expected application header to be passed to the extension // handler. The header value must follow the format: @@ -64,6 +71,14 @@ const ( // the client, its value will be overridden by the extension // handler. HeaderArgoCDTargetClusterName = "Argocd-Target-Cluster-Name" + + // HeaderArgoCDUsername is the header name that defines the logged + // in user authenticated by Argo CD. + HeaderArgoCDUsername = "Argocd-Username" + + // HeaderArgoCDGroups is the header name that provides the 'groups' + // claim from the users authenticated in Argo CD. + HeaderArgoCDGroups = "Argocd-User-Groups" ) // RequestResources defines the authorization scope for @@ -265,6 +280,34 @@ func (p *DefaultProjectGetter) GetClusters(project string) ([]*v1alpha1.Cluster, return p.db.GetProjectClusters(context.TODO(), project) } +// UserGetter defines the contract to retrieve info from the logged in user. +type UserGetter interface { + GetUser(ctx context.Context) string + GetGroups(ctx context.Context) []string +} + +// DefaultUserGetter is the main UserGetter implementation. +type DefaultUserGetter struct { + policyEnf *rbacpolicy.RBACPolicyEnforcer +} + +// NewDefaultUserGetter return a new default UserGetter +func NewDefaultUserGetter(policyEnf *rbacpolicy.RBACPolicyEnforcer) *DefaultUserGetter { + return &DefaultUserGetter{ + policyEnf: policyEnf, + } +} + +// GetUser will return the current logged in user +func (u *DefaultUserGetter) GetUser(ctx context.Context) string { + return session.Username(ctx) +} + +// GetGroups will return the groups associated with the logged in user. +func (u *DefaultUserGetter) GetGroups(ctx context.Context) []string { + return session.Groups(ctx, u.policyEnf.GetScopes()) +} + // ApplicationGetter defines the contract to retrieve the application resource. type ApplicationGetter interface { Get(ns, name string) (*v1alpha1.Application, error) @@ -282,7 +325,7 @@ func NewDefaultApplicationGetter(al applisters.ApplicationLister) *DefaultApplic } } -// Get will retrieve the application resorce for the given namespace and name. +// Get will retrieve the application resource for the given namespace and name. func (a *DefaultApplicationGetter) Get(ns, name string) (*v1alpha1.Application, error) { return a.appLister.Applications(ns).Get(name) } @@ -296,12 +339,14 @@ type RbacEnforcer interface { // and handling proxy extensions. type Manager struct { log *log.Entry + namespace string settings SettingsGetter application ApplicationGetter project ProjectGetter rbac RbacEnforcer registry ExtensionRegistry metricsReg ExtensionMetricsRegistry + userGetter UserGetter } // ExtensionMetricsRegistry exposes operations to update http metrics in the Argo CD @@ -317,13 +362,15 @@ type ExtensionMetricsRegistry interface { } // NewManager will initialize a new manager. -func NewManager(log *log.Entry, sg SettingsGetter, ag ApplicationGetter, pg ProjectGetter, rbac RbacEnforcer) *Manager { +func NewManager(log *log.Entry, namespace string, sg SettingsGetter, ag ApplicationGetter, pg ProjectGetter, rbac RbacEnforcer, ug UserGetter) *Manager { return &Manager{ log: log, + namespace: namespace, settings: sg, application: ag, project: pg, rbac: rbac, + userGetter: ug, } } @@ -363,28 +410,46 @@ func proxyKey(extName, cName, cServer string) ProxyKey { } func parseAndValidateConfig(s *settings.ArgoCDSettings) (*ExtensionConfigs, error) { - if s.ExtensionConfig == "" { + if len(s.ExtensionConfig) == 0 { return nil, fmt.Errorf("no extensions configurations found") } - extConfigMap := map[string]interface{}{} - err := yaml.Unmarshal([]byte(s.ExtensionConfig), &extConfigMap) - if err != nil { - return nil, fmt.Errorf("invalid extension config: %w", err) - } - - parsedExtConfig := settings.ReplaceMapSecrets(extConfigMap, s.Secrets) - parsedExtConfigBytes, err := yaml.Marshal(parsedExtConfig) - if err != nil { - return nil, fmt.Errorf("error marshaling parsed extension config: %w", err) - } - configs := ExtensionConfigs{} - err = yaml.Unmarshal(parsedExtConfigBytes, &configs) - if err != nil { - return nil, fmt.Errorf("invalid parsed extension config: %w", err) + for extName, extConfig := range s.ExtensionConfig { + extConfigMap := map[string]interface{}{} + err := yaml.Unmarshal([]byte(extConfig), &extConfigMap) + if err != nil { + return nil, fmt.Errorf("invalid extension config: %w", err) + } + + parsedExtConfig := settings.ReplaceMapSecrets(extConfigMap, s.Secrets) + parsedExtConfigBytes, err := yaml.Marshal(parsedExtConfig) + if err != nil { + return nil, fmt.Errorf("error marshaling parsed extension config: %w", err) + } + // empty extName means that this is the main configuration defined by + // the 'extension.config' configmap key + if extName == "" { + mainConfig := ExtensionConfigs{} + err = yaml.Unmarshal(parsedExtConfigBytes, &mainConfig) + if err != nil { + return nil, fmt.Errorf("invalid parsed extension config: %w", err) + } + configs.Extensions = append(configs.Extensions, mainConfig.Extensions...) + } else { + backendConfig := BackendConfig{} + err = yaml.Unmarshal(parsedExtConfigBytes, &backendConfig) + if err != nil { + return nil, fmt.Errorf("invalid parsed backend extension config for extension %s: %w", extName, err) + } + ext := ExtensionConfig{ + Name: extName, + Backend: backendConfig, + } + configs.Extensions = append(configs.Extensions, ext) + } } - err = validateConfigs(&configs) + err := validateConfigs(&configs) if err != nil { return nil, fmt.Errorf("validation error: %w", err) } @@ -499,7 +564,7 @@ func (m *Manager) RegisterExtensions() error { if err != nil { return fmt.Errorf("error getting settings: %w", err) } - if settings.ExtensionConfig == "" { + if len(settings.ExtensionConfig) == 0 { m.log.Infof("No extensions configured.") return nil } @@ -699,7 +764,9 @@ func (m *Manager) CallExtension() func(http.ResponseWriter, *http.Request) { return } - prepareRequest(r, extName, app) + user := m.userGetter.GetUser(r.Context()) + groups := m.userGetter.GetGroups(r.Context()) + prepareRequest(r, m.namespace, extName, app, user, groups) m.log.Debugf("proxing request for extension %q", extName) // httpsnoop package is used to properly wrap the responseWriter // and avoid optional intefaces issue: @@ -719,16 +786,28 @@ func registerMetrics(extName string, metrics httpsnoop.Metrics, extensionMetrics } // prepareRequest is responsible for cleaning the incoming request URL removing -// the Argo CD extension API section from it. It will set the cluster destination name -// and cluster destination server in the headers as it is defined in the given app. -func prepareRequest(r *http.Request, extName string, app *v1alpha1.Application) { +// the Argo CD extension API section from it. It provides additional information to +// the backend service appending them in the outgoing request headers. The appended +// headers are: +// - Control plane namespace +// - Cluster destination name +// - Cluster destination server +// - Argo CD authenticated username +func prepareRequest(r *http.Request, namespace string, extName string, app *v1alpha1.Application, username string, groups []string) { r.URL.Path = strings.TrimPrefix(r.URL.Path, fmt.Sprintf("%s/%s", URLPrefix, extName)) + r.Header.Set(HeaderArgoCDNamespace, namespace) if app.Spec.Destination.Name != "" { r.Header.Set(HeaderArgoCDTargetClusterName, app.Spec.Destination.Name) } if app.Spec.Destination.Server != "" { r.Header.Set(HeaderArgoCDTargetClusterURL, app.Spec.Destination.Server) } + if username != "" { + r.Header.Set(HeaderArgoCDUsername, username) + } + if len(groups) > 0 { + r.Header.Set(HeaderArgoCDGroups, strings.Join(groups, ",")) + } } // AddMetricsRegistry will associate the given metricsReg in the Manager. diff --git a/server/extension/extension_test.go b/server/extension/extension_test.go index 7d6a8e5ffb02b..2b7f2d467964d 100644 --- a/server/extension/extension_test.go +++ b/server/extension/extension_test.go @@ -150,7 +150,7 @@ func TestRegisterExtensions(t *testing.T) { logger, _ := test.NewNullLogger() logEntry := logger.WithContext(context.Background()) - m := extension.NewManager(logEntry, settMock, nil, nil, nil) + m := extension.NewManager(logEntry, "", settMock, nil, nil, nil, nil) return &fixture{ settingsGetterMock: settMock, @@ -162,12 +162,16 @@ func TestRegisterExtensions(t *testing.T) { t.Parallel() f := setup() settings := &settings.ArgoCDSettings{ - ExtensionConfig: getExtensionConfigString(), + ExtensionConfig: map[string]string{ + "": getExtensionConfigString(), + "another-ext": getSingleExtensionConfigString(), + }, } f.settingsGetterMock.On("Get", mock.Anything).Return(settings, nil) expectedProxyRegistries := []string{ "external-backend", "some-backend", + "another-ext", } // when @@ -223,7 +227,9 @@ func TestRegisterExtensions(t *testing.T) { t.Parallel() f := setup() settings := &settings.ArgoCDSettings{ - ExtensionConfig: tc.configYaml, + ExtensionConfig: map[string]string{ + "": tc.configYaml, + }, } f.settingsGetterMock.On("Get", mock.Anything).Return(settings, nil) @@ -245,8 +251,10 @@ func TestCallExtension(t *testing.T) { rbacMock *mocks.RbacEnforcer projMock *mocks.ProjectGetter metricsMock *mocks.ExtensionMetricsRegistry + userMock *mocks.UserGetter manager *extension.Manager } + defaultServerNamespace := "control-plane-ns" defaultProjectName := "project-name" setup := func() *fixture { @@ -255,10 +263,11 @@ func TestCallExtension(t *testing.T) { rbacMock := &mocks.RbacEnforcer{} projMock := &mocks.ProjectGetter{} metricsMock := &mocks.ExtensionMetricsRegistry{} + userMock := &mocks.UserGetter{} logger, _ := test.NewNullLogger() logEntry := logger.WithContext(context.Background()) - m := extension.NewManager(logEntry, settMock, appMock, projMock, rbacMock) + m := extension.NewManager(logEntry, defaultServerNamespace, settMock, appMock, projMock, rbacMock, userMock) m.AddMetricsRegistry(metricsMock) mux := http.NewServeMux() @@ -272,6 +281,7 @@ func TestCallExtension(t *testing.T) { rbacMock: rbacMock, projMock: projMock, metricsMock: metricsMock, + userMock: userMock, manager: m, } } @@ -347,14 +357,21 @@ func TestCallExtension(t *testing.T) { f.rbacMock.On("EnforceErr", mock.Anything, rbacpolicy.ResourceExtensions, rbacpolicy.ActionInvoke, mock.Anything).Return(extAccessError) } + withUser := func(f *fixture, username string, groups []string) { + f.userMock.On("GetUser", mock.Anything).Return(username) + f.userMock.On("GetGroups", mock.Anything).Return(groups) + } + withExtensionConfig := func(configYaml string, f *fixture) { secrets := make(map[string]string) secrets["extension.auth.header"] = "Bearer some-bearer-token" secrets["extension.auth.header2"] = "Bearer another-bearer-token" settings := &settings.ArgoCDSettings{ - ExtensionConfig: configYaml, - Secrets: secrets, + ExtensionConfig: map[string]string{ + "": configYaml, + }, + Secrets: secrets, } f.settingsGetterMock.On("Get", mock.Anything).Return(settings, nil) } @@ -403,6 +420,7 @@ func TestCallExtension(t *testing.T) { })) defer backendSrv.Close() withRbac(f, true, true) + withUser(f, "some-user", []string{"group1", "group2"}) withExtensionConfig(getExtensionConfig(backendEndpoint, backendSrv.URL), f) ts := startTestServer(t, f) defer ts.Close() @@ -435,8 +453,11 @@ func TestCallExtension(t *testing.T) { require.NoError(t, err) actual := strings.TrimSuffix(string(body), "\n") assert.Equal(t, backendResponse, actual) + assert.Equal(t, defaultServerNamespace, resp.Header.Get(extension.HeaderArgoCDNamespace)) assert.Equal(t, clusterURL, resp.Header.Get(extension.HeaderArgoCDTargetClusterURL)) assert.Equal(t, "Bearer some-bearer-token", resp.Header.Get("Authorization")) + assert.Equal(t, "some-user", resp.Header.Get(extension.HeaderArgoCDUsername)) + assert.Equal(t, "group1,group2", resp.Header.Get(extension.HeaderArgoCDGroups)) // waitgroup is necessary to make sure assertions aren't executed before // the goroutine initiated by extension.CallExtension concludes which would @@ -452,6 +473,7 @@ func TestCallExtension(t *testing.T) { withExtensionConfig(getExtensionConfigString(), f) withRbac(f, true, true) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) cluster1Name := "cluster1" f.appGetterMock.On("Get", "namespace", "app-name").Return(getApp(cluster1Name, "", defaultProjectName), nil) withProject(getProjectWithDestinations("project-name", []string{cluster1Name}, []string{"some-url"}), f) @@ -492,6 +514,7 @@ func TestCallExtension(t *testing.T) { withExtensionConfig(getExtensionConfigWith2Backends(extName, beSrv1.URL, cluster1Name, beSrv2.URL, cluster2URL), f) withProject(getProjectWithDestinations("project-name", []string{cluster1Name}, []string{cluster2URL}), f) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() @@ -538,6 +561,7 @@ func TestCallExtension(t *testing.T) { withRbac(f, allowApp, allowExtension) withExtensionConfig(getExtensionConfig(extName, "http://fake"), f) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName)) @@ -561,6 +585,7 @@ func TestCallExtension(t *testing.T) { withRbac(f, allowApp, allowExtension) withExtensionConfig(getExtensionConfig(extName, "http://fake"), f) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName)) @@ -585,6 +610,7 @@ func TestCallExtension(t *testing.T) { withRbac(f, allowApp, allowExtension) withExtensionConfig(getExtensionConfig(extName, "http://fake"), f) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName)) @@ -610,6 +636,7 @@ func TestCallExtension(t *testing.T) { withRbac(f, allowApp, allowExtension) withExtensionConfig(getExtensionConfig(extName, "http://fake"), f) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName)) @@ -635,6 +662,7 @@ func TestCallExtension(t *testing.T) { withRbac(f, allowApp, allowExtension) withExtensionConfig(getExtensionConfig(extName, "http://fake"), f) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName)) @@ -666,6 +694,7 @@ func TestCallExtension(t *testing.T) { withExtensionConfig(getExtensionConfigWith2Backends(extName, "url1", "clusterName", "url2", "clusterURL"), f) withProject(getProjectWithDestinations("project-name", nil, []string{"srv1", destinationServer}), f) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() @@ -699,6 +728,7 @@ func TestCallExtension(t *testing.T) { withRbac(f, allowApp, allowExtension) withExtensionConfig(getExtensionConfig(extName, "http://fake"), f) withMetrics(f) + withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/", ts.URL)) @@ -774,6 +804,17 @@ extensions: ` } +func getSingleExtensionConfigString() string { + return ` +connectionTimeout: 10s +keepAlive: 11s +idleConnectionTimeout: 12s +maxIdleConnections: 30 +services: +- url: http://localhost:7777 +` +} + func getExtensionConfigNoService() string { return ` extensions: diff --git a/server/extension/mocks/ApplicationGetter.go b/server/extension/mocks/ApplicationGetter.go index bad203f47ebfe..1b742bdf320ae 100644 --- a/server/extension/mocks/ApplicationGetter.go +++ b/server/extension/mocks/ApplicationGetter.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.15.0. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks @@ -16,7 +16,15 @@ type ApplicationGetter struct { func (_m *ApplicationGetter) Get(ns string, name string) (*v1alpha1.Application, error) { ret := _m.Called(ns, name) + if len(ret) == 0 { + panic("no return value specified for Get") + } + var r0 *v1alpha1.Application + var r1 error + if rf, ok := ret.Get(0).(func(string, string) (*v1alpha1.Application, error)); ok { + return rf(ns, name) + } if rf, ok := ret.Get(0).(func(string, string) *v1alpha1.Application); ok { r0 = rf(ns, name) } else { @@ -25,7 +33,6 @@ func (_m *ApplicationGetter) Get(ns string, name string) (*v1alpha1.Application, } } - var r1 error if rf, ok := ret.Get(1).(func(string, string) error); ok { r1 = rf(ns, name) } else { @@ -35,13 +42,12 @@ func (_m *ApplicationGetter) Get(ns string, name string) (*v1alpha1.Application, return r0, r1 } -type mockConstructorTestingTNewApplicationGetter interface { +// NewApplicationGetter creates a new instance of ApplicationGetter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewApplicationGetter(t interface { mock.TestingT Cleanup(func()) -} - -// NewApplicationGetter creates a new instance of ApplicationGetter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewApplicationGetter(t mockConstructorTestingTNewApplicationGetter) *ApplicationGetter { +}) *ApplicationGetter { mock := &ApplicationGetter{} mock.Mock.Test(t) diff --git a/server/extension/mocks/ExtensionMetricsRegistry.go b/server/extension/mocks/ExtensionMetricsRegistry.go index 78e583929f74d..be1d5285dd4de 100644 --- a/server/extension/mocks/ExtensionMetricsRegistry.go +++ b/server/extension/mocks/ExtensionMetricsRegistry.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.38.0. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks diff --git a/server/extension/mocks/ProjectGetter.go b/server/extension/mocks/ProjectGetter.go index d70b0c70ccfc6..f3e156aa30182 100644 --- a/server/extension/mocks/ProjectGetter.go +++ b/server/extension/mocks/ProjectGetter.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.15.0. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks @@ -16,7 +16,15 @@ type ProjectGetter struct { func (_m *ProjectGetter) Get(name string) (*v1alpha1.AppProject, error) { ret := _m.Called(name) + if len(ret) == 0 { + panic("no return value specified for Get") + } + var r0 *v1alpha1.AppProject + var r1 error + if rf, ok := ret.Get(0).(func(string) (*v1alpha1.AppProject, error)); ok { + return rf(name) + } if rf, ok := ret.Get(0).(func(string) *v1alpha1.AppProject); ok { r0 = rf(name) } else { @@ -25,7 +33,6 @@ func (_m *ProjectGetter) Get(name string) (*v1alpha1.AppProject, error) { } } - var r1 error if rf, ok := ret.Get(1).(func(string) error); ok { r1 = rf(name) } else { @@ -39,7 +46,15 @@ func (_m *ProjectGetter) Get(name string) (*v1alpha1.AppProject, error) { func (_m *ProjectGetter) GetClusters(project string) ([]*v1alpha1.Cluster, error) { ret := _m.Called(project) + if len(ret) == 0 { + panic("no return value specified for GetClusters") + } + var r0 []*v1alpha1.Cluster + var r1 error + if rf, ok := ret.Get(0).(func(string) ([]*v1alpha1.Cluster, error)); ok { + return rf(project) + } if rf, ok := ret.Get(0).(func(string) []*v1alpha1.Cluster); ok { r0 = rf(project) } else { @@ -48,7 +63,6 @@ func (_m *ProjectGetter) GetClusters(project string) ([]*v1alpha1.Cluster, error } } - var r1 error if rf, ok := ret.Get(1).(func(string) error); ok { r1 = rf(project) } else { @@ -58,13 +72,12 @@ func (_m *ProjectGetter) GetClusters(project string) ([]*v1alpha1.Cluster, error return r0, r1 } -type mockConstructorTestingTNewProjectGetter interface { +// NewProjectGetter creates a new instance of ProjectGetter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewProjectGetter(t interface { mock.TestingT Cleanup(func()) -} - -// NewProjectGetter creates a new instance of ProjectGetter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewProjectGetter(t mockConstructorTestingTNewProjectGetter) *ProjectGetter { +}) *ProjectGetter { mock := &ProjectGetter{} mock.Mock.Test(t) diff --git a/server/extension/mocks/RbacEnforcer.go b/server/extension/mocks/RbacEnforcer.go index 01fb0c7421c69..d247ccb72f649 100644 --- a/server/extension/mocks/RbacEnforcer.go +++ b/server/extension/mocks/RbacEnforcer.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.15.0. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks @@ -15,6 +15,10 @@ func (_m *RbacEnforcer) EnforceErr(rvals ...interface{}) error { _ca = append(_ca, rvals...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for EnforceErr") + } + var r0 error if rf, ok := ret.Get(0).(func(...interface{}) error); ok { r0 = rf(rvals...) @@ -25,13 +29,12 @@ func (_m *RbacEnforcer) EnforceErr(rvals ...interface{}) error { return r0 } -type mockConstructorTestingTNewRbacEnforcer interface { +// NewRbacEnforcer creates a new instance of RbacEnforcer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewRbacEnforcer(t interface { mock.TestingT Cleanup(func()) -} - -// NewRbacEnforcer creates a new instance of RbacEnforcer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewRbacEnforcer(t mockConstructorTestingTNewRbacEnforcer) *RbacEnforcer { +}) *RbacEnforcer { mock := &RbacEnforcer{} mock.Mock.Test(t) diff --git a/server/extension/mocks/SettingsGetter.go b/server/extension/mocks/SettingsGetter.go index 303de9c5eeebf..4880ac861b75d 100644 --- a/server/extension/mocks/SettingsGetter.go +++ b/server/extension/mocks/SettingsGetter.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.15.0. DO NOT EDIT. +// Code generated by mockery v2.43.2. DO NOT EDIT. package mocks @@ -16,7 +16,15 @@ type SettingsGetter struct { func (_m *SettingsGetter) Get() (*settings.ArgoCDSettings, error) { ret := _m.Called() + if len(ret) == 0 { + panic("no return value specified for Get") + } + var r0 *settings.ArgoCDSettings + var r1 error + if rf, ok := ret.Get(0).(func() (*settings.ArgoCDSettings, error)); ok { + return rf() + } if rf, ok := ret.Get(0).(func() *settings.ArgoCDSettings); ok { r0 = rf() } else { @@ -25,7 +33,6 @@ func (_m *SettingsGetter) Get() (*settings.ArgoCDSettings, error) { } } - var r1 error if rf, ok := ret.Get(1).(func() error); ok { r1 = rf() } else { @@ -35,13 +42,12 @@ func (_m *SettingsGetter) Get() (*settings.ArgoCDSettings, error) { return r0, r1 } -type mockConstructorTestingTNewSettingsGetter interface { +// NewSettingsGetter creates a new instance of SettingsGetter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewSettingsGetter(t interface { mock.TestingT Cleanup(func()) -} - -// NewSettingsGetter creates a new instance of SettingsGetter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewSettingsGetter(t mockConstructorTestingTNewSettingsGetter) *SettingsGetter { +}) *SettingsGetter { mock := &SettingsGetter{} mock.Mock.Test(t) diff --git a/server/extension/mocks/UserGetter.go b/server/extension/mocks/UserGetter.go new file mode 100644 index 0000000000000..efd7e9ec412be --- /dev/null +++ b/server/extension/mocks/UserGetter.go @@ -0,0 +1,66 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + mock "github.com/stretchr/testify/mock" +) + +// UserGetter is an autogenerated mock type for the UserGetter type +type UserGetter struct { + mock.Mock +} + +// GetGroups provides a mock function with given fields: ctx +func (_m *UserGetter) GetGroups(ctx context.Context) []string { + ret := _m.Called(ctx) + + if len(ret) == 0 { + panic("no return value specified for GetGroups") + } + + var r0 []string + if rf, ok := ret.Get(0).(func(context.Context) []string); ok { + r0 = rf(ctx) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + return r0 +} + +// GetUser provides a mock function with given fields: ctx +func (_m *UserGetter) GetUser(ctx context.Context) string { + ret := _m.Called(ctx) + + if len(ret) == 0 { + panic("no return value specified for GetUser") + } + + var r0 string + if rf, ok := ret.Get(0).(func(context.Context) string); ok { + r0 = rf(ctx) + } else { + r0 = ret.Get(0).(string) + } + + return r0 +} + +// NewUserGetter creates a new instance of UserGetter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewUserGetter(t interface { + mock.TestingT + Cleanup(func()) +}) *UserGetter { + mock := &UserGetter{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/server/logout/logout.go b/server/logout/logout.go index e49f815931596..6129e2f9a85be 100644 --- a/server/logout/logout.go +++ b/server/logout/logout.go @@ -65,7 +65,10 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } - argoURL := argoCDSettings.URL + argoURL, err := argoCDSettings.ArgoURLForRequest(r) + if err != nil { + log.Warnf("unable to find ArgoCD URL from config: %v", err) + } if argoURL == "" { // golang does not provide any easy way to determine scheme of current request // so redirecting ot http which will auto-redirect too https if necessary diff --git a/server/logout/logout_test.go b/server/logout/logout_test.go index 78a735c528beb..3d2bab2d3662d 100644 --- a/server/logout/logout_test.go +++ b/server/logout/logout_test.go @@ -36,6 +36,7 @@ var ( oidcToken = "eyJraWQiOiJYQi1MM3ZFdHhYWXJLcmRSQnVEV0NwdnZsSnk3SEJVb2d5N253M1U1Z1ZZIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwMHVqNnM1NDVyNU5peVNLcjVkNSIsIm5hbWUiOiJqZCByIiwiZW1haWwiOiJqYWlkZWVwMTdydWx6QGdtYWlsLmNvbSIsInZlciI6MSwiaXNzIjoiaHR0cHM6Ly9kZXYtNTY5NTA5OC5va3RhLmNvbSIsImF1ZCI6IjBvYWowM2FmSEtqN3laWXJwNWQ1IiwiaWF0IjoxNjA1NTcyMzU5LCJleHAiOjE2MDU1NzU5NTksImp0aSI6IklELl9ORDJxVG5iREFtc3hIZUt2U2ZHeVBqTXRicXFEQXdkdlRQTDZCTnpfR3ciLCJhbXIiOlsicHdkIl0sImlkcCI6IjAwb2lnaGZmdkpRTDYzWjhoNWQ1IiwicHJlZmVycmVkX3VzZXJuYW1lIjoiamFpZGVlcDE3cnVsekBnbWFpbC5jb20iLCJhdXRoX3RpbWUiOjE2MDU1NzIzNTcsImF0X2hhc2giOiJqZVEwRml2ak9nNGI2TUpXRDIxOWxnIn0.GHkqwXgW-lrAhJdypW7SVjW0YdNLFQiRL8iwgT6DHJxP9Nb0OtkH2NKcBYAA5N6bTPLRQUHgYwWcgm5zSXmvqa7ciIgPF3tiQI8UmJA9VFRRDR-x9ExX15nskCbXfiQ67MriLslUrQUyzSCfUrSjXKwnDxbKGQncrtmRsh5asfCzJFb9excn311W9HKbT3KA0Ot7eOMnVS6V7SGfXxnKs6szcXIEMa_FhB4zDAVLr-dnxvSG_uuWcHrAkLTUVhHbdQQXF7hXIEfyr5lkMJN-drjdz-bn40GaYulEmUvO1bjcL9toCVQ3Ismypyr0b8phj4w3uRsLDZQxTxK7jAXlyQ" nonOidcToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2MDU1NzQyMTIsImlzcyI6ImFyZ29jZCIsIm5iZiI6MTYwNTU3NDIxMiwic3ViIjoiYWRtaW4ifQ.zDJ4piwWnwsHON-oPusHMXWINlnrRDTQykYogT7afeE" expectedNonOIDCLogoutURL = "http://localhost:4000" + expectedNonOIDCLogoutURLOnSecondHost = "http://argocd.my-corp.tld" expectedOIDCLogoutURL = "https://dev-5695098.okta.com/oauth2/v1/logout?id_token_hint=" + oidcToken + "&post_logout_redirect_uri=" + baseURL expectedOIDCLogoutURLWithRootPath = "https://dev-5695098.okta.com/oauth2/v1/logout?id_token_hint=" + oidcToken + "&post_logout_redirect_uri=" + baseURL + "/" + rootPath ) @@ -181,6 +182,34 @@ func TestHandlerConstructLogoutURL(t *testing.T) { }, }, ) + kubeClientWithoutOIDCAndMultipleURLs := fake.NewSimpleClientset( + &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDConfigMapName, + Namespace: "default", + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string]string{ + "url": "http://localhost:4000", + "additionalUrls": "- http://argocd.my-corp.tld", + }, + }, + &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDSecretName, + Namespace: "default", + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string][]byte{ + "admin.password": nil, + "server.secretkey": nil, + }, + }, + ) kubeClientWithoutOIDCConfig := fake.NewSimpleClientset( &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -212,6 +241,7 @@ func TestHandlerConstructLogoutURL(t *testing.T) { settingsManagerWithOIDCConfig := settings.NewSettingsManager(context.Background(), kubeClientWithOIDCConfig, "default") settingsManagerWithoutOIDCConfig := settings.NewSettingsManager(context.Background(), kubeClientWithoutOIDCConfig, "default") settingsManagerWithOIDCConfigButNoLogoutURL := settings.NewSettingsManager(context.Background(), kubeClientWithOIDCConfigButNoLogoutURL, "default") + settingsManagerWithoutOIDCAndMultipleURLs := settings.NewSettingsManager(context.Background(), kubeClientWithoutOIDCAndMultipleURLs, "default") settingsManagerWithOIDCConfigButNoURL := settings.NewSettingsManager(context.Background(), kubeClientWithOIDCConfigButNoURL, "default") sessionManager := session.NewSessionManager(settingsManagerWithOIDCConfig, test.NewFakeProjLister(), "", nil, session.NewUserStateStorage(nil)) @@ -237,6 +267,13 @@ func TestHandlerConstructLogoutURL(t *testing.T) { } return &jwt.RegisteredClaims{Issuer: "okta"}, "", nil } + nonoidcHandlerWithMultipleURLs := NewHandler(appclientset.NewSimpleClientset(), settingsManagerWithoutOIDCAndMultipleURLs, sessionManager, "", baseHRef, "default") + nonoidcHandlerWithMultipleURLs.verifyToken = func(tokenString string) (jwt.Claims, string, error) { + if !validJWTPattern.MatchString(tokenString) { + return nil, "", errors.New("invalid jwt") + } + return &jwt.RegisteredClaims{Issuer: "okta"}, "", nil + } oidcHandlerWithoutBaseURL := NewHandler(appclientset.NewSimpleClientset(), settingsManagerWithOIDCConfigButNoURL, sessionManager, "argocd", baseHRef, "default") oidcHandlerWithoutBaseURL.verifyToken = func(tokenString string) (jwt.Claims, string, error) { @@ -258,7 +295,10 @@ func TestHandlerConstructLogoutURL(t *testing.T) { nonoidcRequest, err := http.NewRequest(http.MethodGet, "http://localhost:4000/api/logout", nil) require.NoError(t, err) nonoidcRequest.Header = nonOidcTokenHeader - require.NoError(t, err) + nonoidcRequestOnSecondHost, err := http.NewRequest(http.MethodGet, "http://argocd.my-corp.tld/api/logout", nil) + assert.NoError(t, err) + nonoidcRequestOnSecondHost.Header = nonOidcTokenHeader + assert.NoError(t, err) requestWithInvalidToken, err := http.NewRequest(http.MethodGet, "http://localhost:4000/api/logout", nil) require.NoError(t, err) requestWithInvalidToken.Header = invalidHeader @@ -322,14 +362,30 @@ func TestHandlerConstructLogoutURL(t *testing.T) { expectedLogoutURL: expectedNonOIDCLogoutURL, wantErr: false, }, + { + name: "Case:non-OIDC Logout request on the first supported URL", + handler: nonoidcHandlerWithMultipleURLs, + request: nonoidcRequest, + responseRecorder: httptest.NewRecorder(), + expectedLogoutURL: expectedNonOIDCLogoutURL, + wantErr: false, + }, + { + name: "Case:non-OIDC Logout request on the second supported URL", + handler: nonoidcHandlerWithMultipleURLs, + request: nonoidcRequestOnSecondHost, + responseRecorder: httptest.NewRecorder(), + expectedLogoutURL: expectedNonOIDCLogoutURLOnSecondHost, + wantErr: false, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { tt.handler.ServeHTTP(tt.responseRecorder, tt.request) if status := tt.responseRecorder.Code; status != http.StatusSeeOther { if !tt.wantErr { - t.Errorf(tt.responseRecorder.Body.String()) - t.Errorf("handler returned wrong status code: " + fmt.Sprintf("%d", tt.responseRecorder.Code)) + t.Error(tt.responseRecorder.Body.String()) + t.Error("handler returned wrong status code: " + fmt.Sprintf("%d", tt.responseRecorder.Code)) } } else { if tt.wantErr { diff --git a/server/metrics/metrics.go b/server/metrics/metrics.go index 4afac9da26c02..3056a4e3e9332 100644 --- a/server/metrics/metrics.go +++ b/server/metrics/metrics.go @@ -9,6 +9,7 @@ import ( "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/profile" ) @@ -18,6 +19,7 @@ type MetricsServer struct { redisRequestHistogram *prometheus.HistogramVec extensionRequestCounter *prometheus.CounterVec extensionRequestDuration *prometheus.HistogramVec + argoVersion *prometheus.GaugeVec } var ( @@ -51,6 +53,13 @@ var ( }, []string{"extension"}, ) + argoVersion = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "argocd_info", + Help: "ArgoCD version information", + }, + []string{"version"}, + ) ) // NewMetricsServer returns a new prometheus server which collects api server metrics @@ -61,12 +70,15 @@ func NewMetricsServer(host string, port int) *MetricsServer { registry, prometheus.DefaultGatherer, }, promhttp.HandlerOpts{})) + argoVersion.WithLabelValues(common.GetVersion().Version).Set(1) + profile.RegisterProfiler(mux) registry.MustRegister(redisRequestCounter) registry.MustRegister(redisRequestHistogram) registry.MustRegister(extensionRequestCounter) registry.MustRegister(extensionRequestDuration) + registry.MustRegister(argoVersion) return &MetricsServer{ Server: &http.Server{ @@ -77,6 +89,7 @@ func NewMetricsServer(host string, port int) *MetricsServer { redisRequestHistogram: redisRequestHistogram, extensionRequestCounter: extensionRequestCounter, extensionRequestDuration: extensionRequestDuration, + argoVersion: argoVersion, } } diff --git a/server/project/project.go b/server/project/project.go index 74e7cf7bf0008..62487b268a705 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -58,9 +58,9 @@ type Server struct { // NewServer returns a new instance of the Project service func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appclientset.Interface, enf *rbac.Enforcer, projectLock sync.KeyLock, sessionMgr *session.SessionManager, policyEnf *rbacpolicy.RBACPolicyEnforcer, - projInformer cache.SharedIndexInformer, settingsMgr *settings.SettingsManager, db db.ArgoDB, + projInformer cache.SharedIndexInformer, settingsMgr *settings.SettingsManager, db db.ArgoDB, enableK8sEvent []string, ) *Server { - auditLogger := argo.NewAuditLogger(ns, kubeclientset, "argocd-server") + auditLogger := argo.NewAuditLogger(ns, kubeclientset, "argocd-server", enableK8sEvent) return &Server{ enf: enf, policyEnf: policyEnf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger, sessionMgr: sessionMgr, projInformer: projInformer, settingsMgr: settingsMgr, db: db, @@ -114,7 +114,7 @@ func (s *Server) createToken(ctx context.Context, q *project.ProjectTokenCreateR } id := q.Id if err := prj.ValidateJWTTokenID(q.Role, q.Id); err != nil { - return nil, status.Errorf(codes.InvalidArgument, err.Error()) + return nil, status.Error(codes.InvalidArgument, err.Error()) } if id == "" { uniqueId, _ := uuid.NewRandom() @@ -273,7 +273,7 @@ func (s *Server) Create(ctx context.Context, q *project.ProjectCreateRequest) (* res, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(ctx, existing, metav1.UpdateOptions{}) } else { if !reflect.DeepEqual(existing.Spec, q.GetProject().Spec) { - return nil, status.Errorf(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("project", existing.Spec, q.GetProject().Spec)) + return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("project", existing.Spec, q.GetProject().Spec)) } return existing, nil } @@ -525,7 +525,10 @@ func (s *Server) GetSyncWindowsState(ctx context.Context, q *project.SyncWindows res := &project.SyncWindowsResponse{} - windows := proj.Spec.SyncWindows.Active() + windows, err := proj.Spec.SyncWindows.Active() + if err != nil { + return nil, err + } if windows.HasWindows() { res.Windows = *windows } else { diff --git a/server/project/project_test.go b/server/project/project_test.go index a03f472696f5a..41b8af9241e39 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -6,6 +6,7 @@ import ( "strings" "testing" + "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/pkg/sync" @@ -37,6 +38,8 @@ import ( const testNamespace = "default" +var testEnableEventList []string = argo.DefaultEnableEventList() + func TestProjectServer(t *testing.T) { kubeclientset := fake.NewSimpleClientset(&corev1.ConfigMap{ ObjectMeta: v1.ObjectMeta{ @@ -91,7 +94,7 @@ func TestProjectServer(t *testing.T) { role1 := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} projectWithRole.Spec.Roles = append(projectWithRole.Spec.Roles, role1) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB, testEnableEventList) err := projectServer.NormalizeProjs() require.NoError(t, err) @@ -105,7 +108,7 @@ func TestProjectServer(t *testing.T) { enforcer.SetDefaultRole("role:projects") _ = enforcer.SetBuiltinPolicy("p, role:projects, projects, update, *, allow") argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := existingProj.DeepCopy() updatedProj.Spec.Destinations = nil @@ -119,7 +122,7 @@ func TestProjectServer(t *testing.T) { enforcer.SetDefaultRole("role:projects") _ = enforcer.SetBuiltinPolicy("p, role:projects, projects, update, *, allow") argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := existingProj.DeepCopy() updatedProj.Spec.SourceRepos = nil @@ -133,7 +136,7 @@ func TestProjectServer(t *testing.T) { enforcer.SetDefaultRole("role:projects") _ = enforcer.SetBuiltinPolicy("p, role:projects, projects, update, *, allow") argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := existingProj.DeepCopy() updatedProj.Spec.ClusterResourceWhitelist = []metav1.GroupKind{{}} @@ -147,7 +150,7 @@ func TestProjectServer(t *testing.T) { enforcer.SetDefaultRole("role:projects") _ = enforcer.SetBuiltinPolicy("p, role:projects, projects, update, *, allow") argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := existingProj.DeepCopy() updatedProj.Spec.NamespaceResourceBlacklist = []metav1.GroupKind{{}} @@ -166,7 +169,7 @@ func TestProjectServer(t *testing.T) { } argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := existingProj.DeepCopy() updatedProj.Spec.Destinations = updatedProj.Spec.Destinations[1:] @@ -183,7 +186,7 @@ func TestProjectServer(t *testing.T) { } argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := existingProj.DeepCopy() updatedProj.Spec.Destinations = updatedProj.Spec.Destinations[1:] @@ -202,7 +205,7 @@ func TestProjectServer(t *testing.T) { } argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := existingProj.DeepCopy() updatedProj.Spec.SourceRepos = []string{} @@ -219,7 +222,7 @@ func TestProjectServer(t *testing.T) { } argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := existingProj.DeepCopy() updatedProj.Spec.SourceRepos = []string{} @@ -239,7 +242,7 @@ func TestProjectServer(t *testing.T) { Spec: v1alpha1.ApplicationSpec{Project: "test", Source: &v1alpha1.ApplicationSource{RepoURL: "https://github.com/argoproj/argo-cd.git"}}, } argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(proj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(proj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := proj.DeepCopy() updatedProj.Spec.SourceRepos = []string{"https://github.com/argoproj/*"} @@ -266,7 +269,7 @@ func TestProjectServer(t *testing.T) { argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(proj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(proj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) updatedProj := proj.DeepCopy() updatedProj.Spec.Destinations = []v1alpha1.ApplicationDestination{ @@ -281,7 +284,7 @@ func TestProjectServer(t *testing.T) { t.Run("TestDeleteProjectSuccessful", func(t *testing.T) { argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.Delete(context.Background(), &project.ProjectQuery{Name: "test"}) @@ -294,7 +297,7 @@ func TestProjectServer(t *testing.T) { Spec: v1alpha1.AppProjectSpec{}, } argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&defaultProj), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&defaultProj), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.Delete(context.Background(), &project.ProjectQuery{Name: defaultProj.Name}) statusCode, _ := status.FromError(err) @@ -308,7 +311,7 @@ func TestProjectServer(t *testing.T) { } argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.Delete(context.Background(), &project.ProjectQuery{Name: "test"}) @@ -335,7 +338,7 @@ func TestProjectServer(t *testing.T) { projectWithRole.Spec.Roles = []v1alpha1.ProjectRole{{Name: tokenName}} argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.CreateToken(ctx, &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1}) assert.EqualError(t, err, "rpc error: code = PermissionDenied desc = permission denied: projects, update, test") }) @@ -345,7 +348,7 @@ func TestProjectServer(t *testing.T) { projectWithRole := existingProj.DeepCopy() projectWithRole.Spec.Roles = []v1alpha1.ProjectRole{{Name: tokenName, Groups: []string{"my-group"}}} argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.CreateToken(ctx, &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1}) require.NoError(t, err) }) @@ -359,7 +362,7 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(settingsMgr, test.NewFakeProjListerFromInterface(clientset.ArgoprojV1alpha1().AppProjects("default")), "", nil, session.NewUserStateStorage(nil)) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) tokenResponse, err := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 100}) require.NoError(t, err) claims, _, err := sessionMgr.Parse(tokenResponse.Token) @@ -380,7 +383,7 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(settingsMgr, test.NewFakeProjListerFromInterface(clientset.ArgoprojV1alpha1().AppProjects("default")), "", nil, session.NewUserStateStorage(nil)) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) tokenResponse, err := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1, Id: id}) require.NoError(t, err) claims, _, err := sessionMgr.Parse(tokenResponse.Token) @@ -401,7 +404,7 @@ func TestProjectServer(t *testing.T) { sessionMgr := session.NewSessionManager(settingsMgr, test.NewFakeProjListerFromInterface(clientset.ArgoprojV1alpha1().AppProjects("default")), "", nil, session.NewUserStateStorage(nil)) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) tokenResponse, err := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1, Id: id}) require.NoError(t, err) @@ -430,7 +433,7 @@ func TestProjectServer(t *testing.T) { token := v1alpha1.ProjectRole{Name: tokenName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: issuedAt}, {IssuedAt: secondIssuedAt}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.DeleteToken(ctx, &project.ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: issuedAt}) assert.EqualError(t, err, "rpc error: code = PermissionDenied desc = permission denied: projects, update, test") }) @@ -443,7 +446,7 @@ func TestProjectServer(t *testing.T) { token := v1alpha1.ProjectRole{Name: tokenName, Groups: []string{"my-group"}, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: issuedAt}, {IssuedAt: secondIssuedAt}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.DeleteToken(ctx, &project.ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: issuedAt}) require.NoError(t, err) }) @@ -459,7 +462,7 @@ p, role:admin, projects, update, *, allow`) token := v1alpha1.ProjectRole{Name: tokenName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: issuedAt}, {IssuedAt: secondIssuedAt}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.DeleteToken(ctx, &project.ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: issuedAt}) require.NoError(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &project.ProjectQuery{Name: projWithToken.Name}) @@ -483,7 +486,7 @@ p, role:admin, projects, update, *, allow`) token := v1alpha1.ProjectRole{Name: tokenName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: issuedAt, ID: id}, {IssuedAt: secondIssuedAt, ID: secondId}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.DeleteToken(ctx, &project.ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: secondIssuedAt, Id: id}) require.NoError(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &project.ProjectQuery{Name: projWithToken.Name}) @@ -502,7 +505,7 @@ p, role:admin, projects, update, *, allow`) token := v1alpha1.ProjectRole{Name: tokenName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projWithToken.Name, Role: tokenName}) require.NoError(t, err) projWithTwoTokens, err := projectServer.Get(context.Background(), &project.ProjectQuery{Name: projWithToken.Name}) @@ -516,7 +519,7 @@ p, role:admin, projects, update, *, allow`) wildSourceRepo := "*" proj.Spec.SourceRepos = append(proj.Spec.SourceRepos, wildSourceRepo) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(proj), enforcer, sync.NewKeyLock(), nil, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(proj), enforcer, sync.NewKeyLock(), nil, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) request := &project.ProjectUpdateRequest{Project: proj} updatedProj, err := projectServer.Update(context.Background(), request) require.NoError(t, err) @@ -535,7 +538,7 @@ p, role:admin, projects, update, *, allow`) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, policyEnf, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, policyEnf, projInformer, settingsMgr, argoDB, testEnableEventList) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) require.NoError(t, err) @@ -557,7 +560,7 @@ p, role:admin, projects, update, *, allow`) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) expectedErr := fmt.Sprintf("rpc error: code = AlreadyExists desc = policy '%s' already exists for role '%s'", policy, roleName) @@ -577,7 +580,7 @@ p, role:admin, projects, update, *, allow`) role.Policies = append(role.Policies, policy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) assert.Contains(t, err.Error(), "object must be of form 'test/*', 'test[/]/' or 'test/'") @@ -596,7 +599,7 @@ p, role:admin, projects, update, *, allow`) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) assert.Contains(t, err.Error(), "policy subject must be: 'proj:test:testRole'") @@ -615,7 +618,7 @@ p, role:admin, projects, update, *, allow`) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) assert.Contains(t, err.Error(), "policy subject must be: 'proj:test:testRole'") @@ -633,7 +636,7 @@ p, role:admin, projects, update, *, allow`) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) assert.Contains(t, err.Error(), "effect must be: 'allow' or 'deny'") @@ -652,7 +655,7 @@ p, role:admin, projects, update, *, allow`) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList) request := &project.ProjectUpdateRequest{Project: projWithRole} updateProj, err := projectServer.Update(context.Background(), request) require.NoError(t, err) @@ -667,7 +670,7 @@ p, role:admin, projects, update, *, allow`) win := &v1alpha1.SyncWindow{Kind: "allow", Schedule: "* * * * *", Duration: "1h"} projectWithSyncWindows.Spec.SyncWindows = append(projectWithSyncWindows.Spec.SyncWindows, win) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithSyncWindows), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithSyncWindows), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB, testEnableEventList) res, err := projectServer.GetSyncWindowsState(ctx, &project.SyncWindowsQuery{Name: projectWithSyncWindows.Name}) require.NoError(t, err) assert.Len(t, res.Windows, 1) @@ -680,7 +683,7 @@ p, role:admin, projects, update, *, allow`) win := &v1alpha1.SyncWindow{Kind: "allow", Schedule: "* * * * *", Duration: "1h"} projectWithSyncWindows.Spec.SyncWindows = append(projectWithSyncWindows.Spec.SyncWindows, win) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithSyncWindows), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithSyncWindows), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB, testEnableEventList) res, err := projectServer.GetSyncWindowsState(ctx, &project.SyncWindowsQuery{Name: "incorrect"}) assert.Contains(t, err.Error(), "not found") assert.Nil(t, res) @@ -698,7 +701,7 @@ p, role:admin, projects, update, *, allow`) win := &v1alpha1.SyncWindow{Kind: "allow", Schedule: "* * * * *", Duration: "1h"} projectWithSyncWindows.Spec.SyncWindows = append(projectWithSyncWindows.Spec.SyncWindows, win) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithSyncWindows), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB) + projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithSyncWindows), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB, testEnableEventList) _, err := projectServer.GetSyncWindowsState(ctx, &project.SyncWindowsQuery{Name: projectWithSyncWindows.Name}) assert.EqualError(t, err, "rpc error: code = PermissionDenied desc = permission denied: projects, get, test") }) diff --git a/server/rbacpolicy/rbacpolicy.go b/server/rbacpolicy/rbacpolicy.go index 940f5bfe70844..0be623ae7819f 100644 --- a/server/rbacpolicy/rbacpolicy.go +++ b/server/rbacpolicy/rbacpolicy.go @@ -141,7 +141,11 @@ func (p *RBACPolicyEnforcer) EnforceClaims(claims jwt.Claims, rvals ...interface groups := jwtutil.GetScopeValues(mapClaims, scopes) // Get groups to reduce the amount to checking groups - groupingPolicies := enforcer.GetGroupingPolicy() + groupingPolicies, err := enforcer.GetGroupingPolicy() + if err != nil { + log.WithError(err).Error("failed to get grouping policy") + return false + } for gidx := range groups { for gpidx := range groupingPolicies { // Prefilter user groups by groups defined in the model diff --git a/server/repocreds/repocreds.go b/server/repocreds/repocreds.go index d4706f6bb9970..5c0c819598fb3 100644 --- a/server/repocreds/repocreds.go +++ b/server/repocreds/repocreds.go @@ -93,7 +93,7 @@ func (s *Server) CreateRepositoryCredentials(ctx context.Context, q *repocredspk } else if q.Upsert { return s.UpdateRepositoryCredentials(ctx, &repocredspkg.RepoCredsUpdateRequest{Creds: r}) } else { - return nil, status.Errorf(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository credentials", existing, r)) + return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository credentials", existing, r)) } } return &appsv1.RepoCreds{URL: r.URL}, err diff --git a/server/repository/repository.go b/server/repository/repository.go index c73eb0d657ac7..efb0029be846a 100644 --- a/server/repository/repository.go +++ b/server/repository/repository.go @@ -188,17 +188,21 @@ func (s *Server) ListRepositories(ctx context.Context, q *repositorypkg.RepoQuer } // remove secrets items = append(items, &appsv1.Repository{ - Repo: repo.Repo, - Type: rType, - Name: repo.Name, - Username: repo.Username, - Insecure: repo.IsInsecure(), - EnableLFS: repo.EnableLFS, - EnableOCI: repo.EnableOCI, - Proxy: repo.Proxy, - Project: repo.Project, - ForceHttpBasicAuth: repo.ForceHttpBasicAuth, - InheritedCreds: repo.InheritedCreds, + Repo: repo.Repo, + Type: rType, + Name: repo.Name, + Username: repo.Username, + Insecure: repo.IsInsecure(), + EnableLFS: repo.EnableLFS, + EnableOCI: repo.EnableOCI, + Proxy: repo.Proxy, + NoProxy: repo.NoProxy, + Project: repo.Project, + ForceHttpBasicAuth: repo.ForceHttpBasicAuth, + InheritedCreds: repo.InheritedCreds, + GithubAppId: repo.GithubAppId, + GithubAppInstallationId: repo.GithubAppInstallationId, + GitHubAppEnterpriseBaseURL: repo.GitHubAppEnterpriseBaseURL, }) } } @@ -350,6 +354,15 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta return nil, err } + refSources := make(appsv1.RefTargetRevisionMapping) + if app != nil && app.Spec.HasMultipleSources() { + // Store the map of all sources having ref field into a map for applications with sources field + refSources, err = argo.GetRefSources(ctx, app.Spec.Sources, q.AppProject, s.db.GetRepository, []string{}, false) + if err != nil { + return nil, fmt.Errorf("failed to get ref sources: %w", err) + } + } + return repoClient.GetAppDetails(ctx, &apiclient.RepoServerAppDetailsQuery{ Repo: repo, Source: q.Source, @@ -357,6 +370,7 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta KustomizeOptions: kustomizeOptions, HelmOptions: helmOptions, AppName: q.AppName, + RefSources: refSources, }) } @@ -432,7 +446,7 @@ func (s *Server) CreateRepository(ctx context.Context, q *repositorypkg.RepoCrea r.Project = q.Repo.Project return s.UpdateRepository(ctx, &repositorypkg.RepoUpdateRequest{Repo: r}) } else { - return nil, status.Errorf(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository", existing, r)) + return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository", existing, r)) } } if err != nil { diff --git a/server/repository/repository_test.go b/server/repository/repository_test.go index 72354633048dc..2b69aff2671a0 100644 --- a/server/repository/repository_test.go +++ b/server/repository/repository_test.go @@ -21,6 +21,7 @@ import ( "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient/repository" + repositorypkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/repository" appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" fakeapps "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" appinformer "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions" @@ -1057,3 +1058,35 @@ func TestGetRepository(t *testing.T) { }) } } + +func TestDeleteRepository(t *testing.T) { + repositories := map[string]string{ + "valid": "https://bitbucket.org/workspace/repo.git", + // Check a wrongly formatter repo as well, see https://github.com/argoproj/argo-cd/issues/20921 + "invalid": "git clone https://bitbucket.org/workspace/repo.git", + } + + kubeclientset := fake.NewSimpleClientset(&argocdCM, &argocdSecret) + settingsMgr := settings.NewSettingsManager(context.Background(), kubeclientset, testNamespace) + + for name, repo := range repositories { + t.Run(name, func(t *testing.T) { + repoServerClient := mocks.RepoServerServiceClient{} + repoServerClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil) + + repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} + enforcer := newEnforcer(kubeclientset) + + db := &dbmocks.ArgoDB{} + db.On("DeleteRepository", context.TODO(), repo, "default").Return(nil) + db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{{Repo: repo, Project: "default"}}, nil) + db.On("GetRepository", context.TODO(), repo, "default").Return(&appsv1.Repository{Repo: repo, Project: "default"}, nil) + appLister, projLister := newAppAndProjLister(defaultProj) + + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + resp, err := s.DeleteRepository(context.TODO(), &repository.RepoQuery{Repo: repo, AppProject: "default"}) + require.NoError(t, err) + assert.Equal(t, repositorypkg.RepoResponse{}, *resp) + }) + } +} diff --git a/server/server.go b/server/server.go index 101228f4cf6e5..a6b07cedee249 100644 --- a/server/server.go +++ b/server/server.go @@ -59,8 +59,10 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" + "sigs.k8s.io/controller-runtime/pkg/client" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient" @@ -168,6 +170,7 @@ func init() { // ArgoCDServer is the API server for Argo CD type ArgoCDServer struct { ArgoCDServerOpts + ApplicationSetOpts ssoClientApp *oidc.ClientApp settings *settings_util.ArgoCDSettings @@ -199,31 +202,43 @@ type ArgoCDServer struct { } type ArgoCDServerOpts struct { - DisableAuth bool - ContentTypes []string - EnableGZip bool - Insecure bool - StaticAssetsDir string - ListenPort int - ListenHost string - MetricsPort int - MetricsHost string - Namespace string - DexServerAddr string - DexTLSConfig *dexutil.DexTLSConfig - BaseHRef string - RootPath string - KubeClientset kubernetes.Interface - AppClientset appclientset.Interface - RepoClientset repoapiclient.Clientset - Cache *servercache.Cache - RepoServerCache *repocache.Cache - RedisClient *redis.Client - TLSConfigCustomizer tlsutil.ConfigCustomizer - XFrameOptions string - ContentSecurityPolicy string - ApplicationNamespaces []string - EnableProxyExtension bool + DisableAuth bool + ContentTypes []string + EnableGZip bool + Insecure bool + StaticAssetsDir string + ListenPort int + ListenHost string + MetricsPort int + MetricsHost string + Namespace string + DexServerAddr string + DexTLSConfig *dexutil.DexTLSConfig + BaseHRef string + RootPath string + DynamicClientset dynamic.Interface + KubeControllerClientset client.Client + KubeClientset kubernetes.Interface + AppClientset appclientset.Interface + RepoClientset repoapiclient.Clientset + Cache *servercache.Cache + RepoServerCache *repocache.Cache + RedisClient *redis.Client + TLSConfigCustomizer tlsutil.ConfigCustomizer + XFrameOptions string + ContentSecurityPolicy string + ApplicationNamespaces []string + EnableProxyExtension bool + WebhookParallelism int + EnableK8sEvent []string +} + +type ApplicationSetOpts struct { + GitSubmoduleEnabled bool + EnableNewGitFileGlobbing bool + ScmRootCAPath string + AllowedScmProviders []string + EnableScmProviders bool } // HTTPMetricsRegistry exposes operations to update http metrics in the Argo CD @@ -260,7 +275,7 @@ func initializeDefaultProject(opts ArgoCDServerOpts) error { } // NewServer returns a new instance of the Argo CD API server -func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer { +func NewServer(ctx context.Context, opts ArgoCDServerOpts, appsetOpts ApplicationSetOpts) *ArgoCDServer { settingsMgr := settings_util.NewSettingsManager(ctx, opts.KubeClientset, opts.Namespace) settings, err := settingsMgr.InitializeSettings(opts.Insecure) errorsutil.CheckError(err) @@ -313,29 +328,31 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer { sg := extension.NewDefaultSettingsGetter(settingsMgr) ag := extension.NewDefaultApplicationGetter(appLister) pg := extension.NewDefaultProjectGetter(projLister, dbInstance) - em := extension.NewManager(logger, sg, ag, pg, enf) + ug := extension.NewDefaultUserGetter(policyEnf) + em := extension.NewManager(logger, opts.Namespace, sg, ag, pg, enf, ug) a := &ArgoCDServer{ - ArgoCDServerOpts: opts, - log: logger, - settings: settings, - sessionMgr: sessionMgr, - settingsMgr: settingsMgr, - enf: enf, - projInformer: projInformer, - projLister: projLister, - appInformer: appInformer, - appLister: appLister, - appsetInformer: appsetInformer, - appsetLister: appsetLister, - policyEnforcer: policyEnf, - userStateStorage: userStateStorage, - staticAssets: http.FS(staticFS), - db: dbInstance, - apiFactory: apiFactory, - secretInformer: secretInformer, - configMapInformer: configMapInformer, - extensionManager: em, + ArgoCDServerOpts: opts, + ApplicationSetOpts: appsetOpts, + log: logger, + settings: settings, + sessionMgr: sessionMgr, + settingsMgr: settingsMgr, + enf: enf, + projInformer: projInformer, + projLister: projLister, + appInformer: appInformer, + appLister: appLister, + appsetInformer: appsetInformer, + appsetLister: appsetLister, + policyEnforcer: policyEnf, + userStateStorage: userStateStorage, + staticAssets: http.FS(staticFS), + db: dbInstance, + apiFactory: apiFactory, + secretInformer: secretInformer, + configMapInformer: configMapInformer, + extensionManager: em, } err = a.logInClusterWarnings() @@ -475,6 +492,7 @@ func (a *ArgoCDServer) Listen() (*Listeners, error) { } else { dOpts = append(dOpts, grpc.WithTransportCredentials(insecure.NewCredentials())) } + // nolint:staticcheck conn, err := grpc.Dial(fmt.Sprintf("localhost:%d", a.ListenPort), dOpts...) if err != nil { io.Close(mainLn) @@ -633,6 +651,7 @@ func (a *ArgoCDServer) watchSettings() { a.settingsMgr.Subscribe(updateCh) prevURL := a.settings.URL + prevAdditionalURLs := a.settings.AdditionalURLs prevOIDCConfig := a.settings.OIDCConfig() prevDexCfgBytes, err := dexutil.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) errorsutil.CheckError(err) @@ -664,6 +683,10 @@ func (a *ArgoCDServer) watchSettings() { log.Infof("url modified. restarting") break } + if !reflect.DeepEqual(prevAdditionalURLs, a.settings.AdditionalURLs) { + log.Infof("additionalURLs modified. restarting") + break + } if prevGitHubSecret != a.settings.WebhookGitHubSecret { log.Infof("github secret modified. restarting") break @@ -684,7 +707,7 @@ func (a *ArgoCDServer) watchSettings() { log.Infof("gogs secret modified. restarting") break } - if prevExtConfig != a.settings.ExtensionConfig { + if !reflect.DeepEqual(prevExtConfig, a.settings.ExtensionConfig) { prevExtConfig = a.settings.ExtensionConfig log.Infof("extensions configs modified. Updating proxy registry...") err := a.extensionManager.UpdateExtensionRegistry(a.settings) @@ -718,7 +741,7 @@ func (a *ArgoCDServer) rbacPolicyLoader(ctx context.Context) { scopes = make([]string, 0) err := yaml.Unmarshal([]byte(scopesStr), &scopes) if err != nil { - return err + return fmt.Errorf("error unmarshalling scopes: %w", err) } } @@ -864,12 +887,17 @@ func newArgoCDServiceSet(a *ArgoCDServer) *ArgoCDServiceSet { projectLock, a.settingsMgr, a.projInformer, - a.ApplicationNamespaces) + a.ApplicationNamespaces, + a.EnableK8sEvent, + ) applicationSetService := applicationset.NewServer( a.db, a.KubeClientset, + a.DynamicClientset, + a.KubeControllerClientset, a.enf, + a.RepoClientset, a.AppClientset, a.appsetInformer, a.appsetLister, @@ -877,9 +905,16 @@ func newArgoCDServiceSet(a *ArgoCDServer) *ArgoCDServiceSet { a.settingsMgr, a.Namespace, projectLock, - a.ApplicationNamespaces) - - projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock, a.sessionMgr, a.policyEnforcer, a.projInformer, a.settingsMgr, a.db) + a.ApplicationNamespaces, + a.GitSubmoduleEnabled, + a.EnableNewGitFileGlobbing, + a.ScmRootCAPath, + a.AllowedScmProviders, + a.EnableScmProviders, + a.EnableK8sEvent, + ) + + projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock, a.sessionMgr, a.policyEnforcer, a.projInformer, a.settingsMgr, a.db, a.EnableK8sEvent) appsInAnyNamespaceEnabled := len(a.ArgoCDServerOpts.ApplicationNamespaces) > 0 settingsService := settings.NewServer(a.settingsMgr, a.RepoClientset, a, a.DisableAuth, appsInAnyNamespaceEnabled) accountService := account.NewServer(a.sessionMgr, a.settingsMgr, a.enf) @@ -920,7 +955,7 @@ func (a *ArgoCDServer) translateGrpcCookieHeader(ctx context.Context, w http.Res token := sessionResp.Token err := a.setTokenCookie(token, w) if err != nil { - return err + return fmt.Errorf("error setting token cookie from session response: %w", err) } } else if md, ok := runtime.ServerMetadataFromContext(ctx); ok { renewToken := md.HeaderMD[renewTokenKey] @@ -940,7 +975,7 @@ func (a *ArgoCDServer) setTokenCookie(token string, w http.ResponseWriter) error } cookies, err := httputil.MakeCookieMetadata(common.AuthCookieName, token, flags...) if err != nil { - return err + return fmt.Errorf("error creating cookie metadata: %w", err) } for _, cookie := range cookies { w.Header().Add("Set-Cookie", cookie) @@ -1011,7 +1046,9 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl } mux.Handle("/api/", handler) - terminal := application.NewHandler(a.appLister, a.Namespace, a.ApplicationNamespaces, a.db, a.enf, a.Cache, appResourceTreeFn, a.settings.ExecShells, a.sessionMgr). + terminalOpts := application.TerminalOptions{DisableAuth: a.ArgoCDServerOpts.DisableAuth, Enf: a.enf} + + terminal := application.NewHandler(a.appLister, a.Namespace, a.ApplicationNamespaces, a.db, a.Cache, appResourceTreeFn, a.settings.ExecShells, a.sessionMgr, &terminalOpts). WithFeatureFlagMiddleware(a.settingsMgr.GetSettings) th := util_session.WithAuthMiddleware(a.DisableAuth, a.sessionMgr, terminal) mux.Handle("/terminal", th) @@ -1047,7 +1084,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl // Webhook handler for git events (Note: cache timeouts are hardcoded because API server does not write to cache and not really using them) argoDB := db.NewDB(a.Namespace, a.settingsMgr, a.KubeClientset) - acdWebhookHandler := webhook.NewHandler(a.Namespace, a.ArgoCDServerOpts.ApplicationNamespaces, a.AppClientset, a.settings, a.settingsMgr, a.RepoServerCache, a.Cache, argoDB, a.settingsMgr.GetMaxWebhookPayloadSize()) + acdWebhookHandler := webhook.NewHandler(a.Namespace, a.ArgoCDServerOpts.ApplicationNamespaces, a.ArgoCDServerOpts.WebhookParallelism, a.AppClientset, a.settings, a.settingsMgr, a.RepoServerCache, a.Cache, argoDB, a.settingsMgr.GetMaxWebhookPayloadSize()) mux.HandleFunc("/api/webhook", acdWebhookHandler.Handler) @@ -1511,7 +1548,7 @@ func bug21955WorkaroundInterceptor(ctx context.Context, req interface{}, _ *grpc return handler(ctx, req) } -// allowedNamespacesAsString returns a string containing comma-separated list +// allowedApplicationNamespacesAsString returns a string containing comma-separated list // of allowed application namespaces func (a *ArgoCDServer) allowedApplicationNamespacesAsString() string { ns := a.Namespace diff --git a/server/server_test.go b/server/server_test.go index 13bb3d6770753..7923db7f3e9d6 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -19,9 +19,13 @@ import ( "github.com/stretchr/testify/require" "google.golang.org/grpc/metadata" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/fake" "sigs.k8s.io/yaml" + dynfake "k8s.io/client-go/dynamic/fake" + clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apiclient/session" @@ -52,10 +56,12 @@ func fakeServer(t *testing.T) (*FakeArgoCDServer, func()) { kubeclientset := fake.NewSimpleClientset(cm, secret) appClientSet := apps.NewSimpleClientset() redis, closer := test.NewInMemoryRedis() - port, err := test.GetFreePort() mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} tmpAssetsDir := t.TempDir() + dynamicClient := dynfake.NewSimpleDynamicClient(runtime.NewScheme()) + fakeClient := clientfake.NewClientBuilder().Build() + port, err := test.GetFreePort() if err != nil { panic(err) } @@ -78,11 +84,13 @@ func fakeServer(t *testing.T) (*FakeArgoCDServer, func()) { 1*time.Minute, 1*time.Minute, ), - RedisClient: redis, - RepoClientset: mockRepoClient, - StaticAssetsDir: tmpAssetsDir, + RedisClient: redis, + RepoClientset: mockRepoClient, + StaticAssetsDir: tmpAssetsDir, + DynamicClientset: dynamicClient, + KubeControllerClientset: fakeClient, } - srv := NewServer(context.Background(), argoCDOpts) + srv := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) fakeSrv := &FakeArgoCDServer{srv, tmpAssetsDir} return fakeSrv, closer } @@ -118,7 +126,7 @@ func TestEnforceProjectToken(t *testing.T) { mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} t.Run("TestEnforceProjectTokenSuccessful", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} @@ -127,21 +135,21 @@ func TestEnforceProjectToken(t *testing.T) { }) t.Run("TestEnforceProjectTokenWithDiffCreateAtFailure", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) diffCreateAt := defaultIssuedAt + 1 claims := jwt.MapClaims{"sub": defaultSub, "iat": diffCreateAt} assert.False(t, s.enf.Enforce(claims, "applications", "get", defaultTestObject)) }) t.Run("TestEnforceProjectTokenIncorrectSubFormatFailure", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) invalidSub := "proj:test" claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultIssuedAt} assert.False(t, s.enf.Enforce(claims, "applications", "get", defaultTestObject)) }) t.Run("TestEnforceProjectTokenNoTokenFailure", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) nonExistentToken := "fake-token" invalidSub := fmt.Sprintf(subFormat, projectName, nonExistentToken) claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultIssuedAt} @@ -151,7 +159,7 @@ func TestEnforceProjectToken(t *testing.T) { t.Run("TestEnforceProjectTokenNotJWTTokenFailure", func(t *testing.T) { proj := existingProj.DeepCopy() proj.Spec.Roles[0].JWTTokens = nil - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} assert.False(t, s.enf.Enforce(claims, "applications", "get", defaultTestObject)) }) @@ -164,7 +172,7 @@ func TestEnforceProjectToken(t *testing.T) { proj := existingProj.DeepCopy() proj.Spec.Roles[0] = role - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} @@ -175,7 +183,7 @@ func TestEnforceProjectToken(t *testing.T) { }) t.Run("TestEnforceProjectTokenWithIdSuccessful", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{"sub": defaultSub, "jti": defaultId} @@ -184,7 +192,7 @@ func TestEnforceProjectToken(t *testing.T) { }) t.Run("TestEnforceProjectTokenWithInvalidIdFailure", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) invalidId := "invalidId" claims := jwt.MapClaims{"sub": defaultSub, "jti": defaultId} res := s.enf.Enforce(claims, "applications", "get", invalidId) @@ -268,7 +276,7 @@ func TestInitializingExistingDefaultProject(t *testing.T) { RepoClientset: mockRepoClient, } - argocd := NewServer(context.Background(), argoCDOpts) + argocd := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) assert.NotNil(t, argocd) proj, err := appClientSet.ArgoprojV1alpha1().AppProjects(test.FakeArgoCDNamespace).Get(context.Background(), v1alpha1.DefaultAppProjectName, metav1.GetOptions{}) @@ -291,7 +299,7 @@ func TestInitializingNotExistingDefaultProject(t *testing.T) { RepoClientset: mockRepoClient, } - argocd := NewServer(context.Background(), argoCDOpts) + argocd := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) assert.NotNil(t, argocd) proj, err := appClientSet.ArgoprojV1alpha1().AppProjects(test.FakeArgoCDNamespace).Get(context.Background(), v1alpha1.DefaultAppProjectName, metav1.GetOptions{}) @@ -333,7 +341,7 @@ func TestEnforceProjectGroups(t *testing.T) { } mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap(), test.NewFakeSecret()) - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{ @@ -395,7 +403,7 @@ func TestRevokedToken(t *testing.T) { }, } - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} @@ -450,7 +458,7 @@ func TestAuthenticate(t *testing.T) { AppClientset: appClientSet, RepoClientset: mockRepoClient, } - argocd := NewServer(context.Background(), argoCDOpts) + argocd := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) ctx := context.Background() if testData.user != "" { token, err := argocd.sessionMgr.Create(testData.user, 0, "abc") @@ -587,7 +595,7 @@ connectors: if withFakeSSO && useDexForSSO { argoCDOpts.DexServerAddr = ts.URL } - argocd = NewServer(context.Background(), argoCDOpts) + argocd = NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) var err error argocd.ssoClientApp, err = oidc.NewClientApp(argocd.settings, argocd.DexServerAddr, argocd.DexTLSConfig, argocd.BaseHRef, cache.NewInMemoryCache(24*time.Hour)) require.NoError(t, err) @@ -1071,7 +1079,7 @@ func TestTranslateGrpcCookieHeader(t *testing.T) { AppClientset: apps.NewSimpleClientset(), RepoClientset: &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}}, } - argocd := NewServer(context.Background(), argoCDOpts) + argocd := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) t.Run("TokenIsNotEmpty", func(t *testing.T) { recorder := httptest.NewRecorder() diff --git a/server/settings/settings.go b/server/settings/settings.go index 131ddc1924b27..a598b5284f743 100644 --- a/server/settings/settings.go +++ b/server/settings/settings.go @@ -112,6 +112,7 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin TrackingMethod: trackingMethod, ExecEnabled: argoCDSettings.ExecEnabled, AppsInAnyNamespaceEnabled: s.appsInAnyNamespaceEnabled, + ImpersonationEnabled: argoCDSettings.ImpersonationEnabled, } if sessionmgr.LoggedIn(ctx) || s.disableAuth { diff --git a/server/settings/settings.proto b/server/settings/settings.proto index a6aa97120c8de..943aea41cd207 100644 --- a/server/settings/settings.proto +++ b/server/settings/settings.proto @@ -42,6 +42,8 @@ message Settings { bool execEnabled = 22; string controllerNamespace = 23; bool appsInAnyNamespaceEnabled = 24; + bool impersonationEnabled = 25; + string installationID = 26; } message GoogleAnalyticsConfig { diff --git a/test/container/Dockerfile b/test/container/Dockerfile index bcacb28dcfa8d..8d1cfcc98e818 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/redis:7.2.5@sha256:e422889e156ebea83856b6ff973bfe0c86bce867d80def228044eeecf925592b as redis +FROM docker.io/library/redis:7.4.0@sha256:eadf354977d428e347d93046bb1a5569d701e8deb68f090215534a99dbcb23b9 as redis # There are libraries we will want to copy from here in the final stage of the # build, but the COPY directive does not have a way to determine system @@ -6,13 +6,13 @@ FROM docker.io/library/redis:7.2.5@sha256:e422889e156ebea83856b6ff973bfe0c86bce8 RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version -FROM docker.io/library/node:22.3.0@sha256:5e4044ff6001d06e7748e35bfa4f80c73cf5f5a7360a1b782995e038a01b0585 as node +FROM docker.io/library/node:22.8.0@sha256:bd00c03095f7586432805dbf7989be10361d27987f93de904b1fc003949a4794 as node -FROM docker.io/library/golang:1.22.4@sha256:c2010b9c2342431a24a2e64e33d9eb2e484af49e72c820e200d332d214d5e61f as golang +FROM docker.io/library/golang:1.23@sha256:2fe82a3f3e006b4f2a316c6a21f62b66e1330ae211d039bb8d1128e12ed57bf1 as golang -FROM docker.io/library/registry:2.8@sha256:4fac7a8257b1d7a86599043fcc181dfbdf9c8f57e337db763ac94b0e67c6cfb5 as registry +FROM docker.io/library/registry:2.8@sha256:ac0192b549007e22998eb74e8d8488dcfe70f1489520c3b144a6047ac5efbe90 as registry -FROM docker.io/bitnami/kubectl:1.30@sha256:e704ebf9f6974d506d2dbff33dea28b6e996887e60c4ab298c78e10a3d81e249 as kubectl +FROM docker.io/bitnami/kubectl:1.31@sha256:27e5f500a2de2ba249a159c4af0b075500ad8a1afaa59ba1edf09bf83c656fd4 as kubectl FROM docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 @@ -93,7 +93,8 @@ COPY ./test/container/entrypoint.sh /usr/local/bin ARG UID # Prepare user configuration & build environments -RUN useradd -l -u ${UID} -d /home/user -s /bin/bash user && \ +RUN userdel -r ubuntu && \ + useradd -l -u ${UID} -d /home/user -s /bin/bash user && \ echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user && \ mkdir -p /home/user/.kube && \ mkdir -p /home/user/.cache && \ @@ -101,6 +102,7 @@ RUN useradd -l -u ${UID} -d /home/user -s /bin/bash user && \ chgrp -R user /home/user && \ HOME=/home/user git config --global user.name "ArgoCD Test User" && \ HOME=/home/user git config --global user.email "noreply@example.com" && \ + HOME=/home/user git config --global --add safe.directory '*' && \ mkdir -p /go/pkg && \ mkdir -p /var/run/sshd && \ mkdir -p /root/.ssh && \ diff --git a/test/container/Procfile b/test/container/Procfile index 3ec9add44d5a7..4cebac203f76d 100644 --- a/test/container/Procfile +++ b/test/container/Procfile @@ -1,6 +1,6 @@ controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}" api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} " -dex: sh -c "test $ARGOCD_IN_CI = true && exit 0; ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/cmd gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:v2.38.0 serve /dex.yaml" +dex: sh -c "test $ARGOCD_IN_CI = true && exit 0; ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/cmd gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:v2.41.1 serve /dex.yaml" redis: sh -c "/usr/local/bin/redis-server --save "" --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}" repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_BINARY_NAME=argocd-repo-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379}" ui: sh -c "test $ARGOCD_IN_CI = true && exit 0; cd ui && ARGOCD_E2E_YARN_HOST=0.0.0.0 ${ARGOCD_E2E_YARN_CMD:-yarn} start" diff --git a/test/e2e/accounts_test.go b/test/e2e/accounts_test.go index c238aacb728b5..7f3f056a952c9 100644 --- a/test/e2e/accounts_test.go +++ b/test/e2e/accounts_test.go @@ -2,7 +2,6 @@ package e2e import ( "context" - "strings" "testing" "github.com/argoproj/pkg/errors" @@ -50,7 +49,7 @@ func TestCanIGetLogsAllowNoSwitch(t *testing.T) { CanIGetLogs(). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(output, "yes")) + assert.Contains(t, output, "yes") }) } @@ -65,7 +64,7 @@ func TestCanIGetLogsDenySwitchOn(t *testing.T) { CanIGetLogs(). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(output, "no")) + assert.Contains(t, output, "no") }) } @@ -93,7 +92,7 @@ func TestCanIGetLogsAllowSwitchOn(t *testing.T) { CanIGetLogs(). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(output, "yes")) + assert.Contains(t, output, "yes") }) } @@ -108,7 +107,7 @@ func TestCanIGetLogsAllowSwitchOff(t *testing.T) { CanIGetLogs(). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(output, "yes")) + assert.Contains(t, output, "yes") }) } diff --git a/test/e2e/admin_test.go b/test/e2e/admin_test.go new file mode 100644 index 0000000000000..a896888b1b55f --- /dev/null +++ b/test/e2e/admin_test.go @@ -0,0 +1,79 @@ +package e2e + +import ( + "context" + "testing" + + "github.com/argoproj/gitops-engine/pkg/utils/kube" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/admin" + . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/admin/utils" + appfixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" +) + +func TestBackupExportImport(t *testing.T) { + var exportRawOutput string + ctx := Given(t) + // Create application in argocd namespace + appctx := appfixture.GivenWithSameState(t) + + // Create application in test namespace + appctx. + Path(guestbookPath). + Name("exported-app1"). + When(). + CreateApp(). + Then(). + And(func(app *Application) { + assert.Equal(t, "exported-app1", app.Name) + assert.Equal(t, fixture.TestNamespace(), app.Namespace) + }) + + // Create app in other namespace + appctx. + Path(guestbookPath). + Name("exported-app-other-namespace"). + SetAppNamespace(fixture.AppNamespace()). + When(). + CreateApp(). + Then(). + And(func(app *Application) { + assert.Equal(t, "exported-app-other-namespace", app.Name) + assert.Equal(t, fixture.AppNamespace(), app.Namespace) + }) + + ctx. + When(). + RunExport(). + Then(). + AndCLIOutput(func(output string, err error) { + require.NoError(t, err, "export finished with error") + exportRawOutput = output + }). + AndExportedResources(func(exportResources *ExportedResources, err error) { + require.NoError(t, err, "export format not valid") + assert.True(t, exportResources.HasResource(kube.NewResourceKey("", "ConfigMap", "", "argocd-cm")), "argocd-cm not found in export") + assert.True(t, exportResources.HasResource(kube.NewResourceKey(ApplicationSchemaGroupVersionKind.Group, ApplicationSchemaGroupVersionKind.Kind, "", "exported-app1")), "test namespace application not in export") + assert.True(t, exportResources.HasResource(kube.NewResourceKey(ApplicationSchemaGroupVersionKind.Group, ApplicationSchemaGroupVersionKind.Kind, fixture.AppNamespace(), "exported-app-other-namespace")), "app namespace application not in export") + }) + + // Test import - clean state + ctx = Given(t) + + ctx. + When(). + RunImport(exportRawOutput). + Then(). + AndCLIOutput(func(output string, err error) { + require.NoError(t, err, "import finished with error") + _, err = fixture.AppClientset.ArgoprojV1alpha1().Applications(fixture.TestNamespace()).Get(context.Background(), "exported-app1", v1.GetOptions{}) + require.NoError(t, err, "failed getting test namespace application after import") + _, err = fixture.AppClientset.ArgoprojV1alpha1().Applications(fixture.AppNamespace()).Get(context.Background(), "exported-app-other-namespace", v1.GetOptions{}) + require.NoError(t, err, "failed getting app namespace application after import") + }) +} diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go index 249733e10810c..f590b0a71a8a4 100644 --- a/test/e2e/app_management_ns_test.go +++ b/test/e2e/app_management_ns_test.go @@ -347,7 +347,7 @@ func TestNamespacedAppCreationWithoutForceUpdate(t *testing.T) { }). When(). IgnoreErrors(). - CreateApp(). + CreateApp("--dest-server", KubernetesInternalAPIServerAddr). Then(). Expect(Error("", "existing application spec is different, use upsert flag to force update")) } @@ -2291,6 +2291,7 @@ definitions: } func TestNamespacedAppLogs(t *testing.T) { + t.SkipNow() // Too flaky. https://github.com/argoproj/argo-cd/issues/13834 SkipOnEnv(t, "OPENSHIFT") Given(t). SetAppNamespace(AppNamespace()). diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index c7a6b82d98afb..ad21a6640864a 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -4,7 +4,6 @@ import ( "context" "fmt" "reflect" - "regexp" "testing" "time" @@ -451,7 +450,7 @@ func TestAppCreationWithoutForceUpdate(t *testing.T) { }). When(). IgnoreErrors(). - CreateApp(). + CreateApp("--dest-server", KubernetesInternalAPIServerAddr). Then(). Expect(Error("", "existing application spec is different, use upsert flag to force update")) } @@ -770,7 +769,7 @@ func assetSecretDataHidden(t *testing.T, manifest string) { require.NoError(t, err) assert.True(t, hasData) for _, v := range secretData { - assert.Regexp(t, regexp.MustCompile(`[*]*`), v) + assert.Regexp(t, `[*]*`, v) } var lastAppliedConfigAnnotation string annotations := secret.GetAnnotations() @@ -808,8 +807,8 @@ func TestAppWithSecrets(t *testing.T) { manifests, err := client.GetManifests(context.Background(), &applicationpkg.ApplicationManifestQuery{Name: &app.Name}) errors.CheckError(err) - for _, manifest := range manifests.GetCompiledManifests() { - assetSecretDataHidden(t, manifest) + for _, manifest := range manifests.Manifests { + assetSecretDataHidden(t, manifest.CompiledManifest) } diffOutput := FailOnErr(RunCli("app", "diff", app.Name)).(string) @@ -2420,6 +2419,7 @@ definitions: } func TestAppLogs(t *testing.T) { + t.SkipNow() // Too flaky. https://github.com/argoproj/argo-cd/issues/13834 SkipOnEnv(t, "OPENSHIFT") Given(t). Path("guestbook-logs"). @@ -2880,3 +2880,92 @@ func TestAnnotationTrackingExtraResources(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(HealthIs(health.HealthStatusHealthy)) } + +func TestCreateConfigMapsAndWaitForUpdate(t *testing.T) { + Given(t). + Path("config-map"). + When(). + CreateApp(). + Sync(). + Then(). + And(func(app *Application) { + _, err := RunCli("app", "set", app.Name, "--sync-policy", "automated") + require.NoError(t, err) + }). + When(). + AddFile("other-configmap.yaml", ` +apiVersion: v1 +kind: ConfigMap +metadata: + name: other-map + annotations: + argocd.argoproj.io/sync-wave: "1" +data: + foo2: bar2`). + AddFile("yet-another-configmap.yaml", ` +apiVersion: v1 +kind: ConfigMap +metadata: + name: yet-another-map + annotations: + argocd.argoproj.io/sync-wave: "2" +data: + foo3: bar3`). + PatchFile("kustomization.yaml", `[{"op": "add", "path": "/resources/-", "value": "other-configmap.yaml"}, {"op": "add", "path": "/resources/-", "value": "yet-another-configmap.yaml"}]`). + Refresh(RefreshTypeNormal). + Wait(). + Then(). + Expect(OperationPhaseIs(OperationSucceeded)). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(HealthIs(health.HealthStatusHealthy)). + Expect(ResourceHealthWithNamespaceIs("ConfigMap", "other-map", DeploymentNamespace(), health.HealthStatusHealthy)). + Expect(ResourceSyncStatusWithNamespaceIs("ConfigMap", "other-map", DeploymentNamespace(), SyncStatusCodeSynced)). + Expect(ResourceHealthWithNamespaceIs("ConfigMap", "yet-another-map", DeploymentNamespace(), health.HealthStatusHealthy)). + Expect(ResourceSyncStatusWithNamespaceIs("ConfigMap", "yet-another-map", DeploymentNamespace(), SyncStatusCodeSynced)) +} + +func TestInstallationID(t *testing.T) { + ctx := Given(t) + ctx. + SetTrackingMethod(string(argo.TrackingMethodAnnotation)). + And(func() { + _, err := fixture.KubeClientset.CoreV1().ConfigMaps(DeploymentNamespace()).Create( + context.Background(), &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-configmap", + Annotations: map[string]string{ + common.AnnotationKeyAppInstance: fmt.Sprintf("%s:/ConfigMap:%s/test-configmap", ctx.AppName(), DeploymentNamespace()), + }, + }, + }, metav1.CreateOptions{}) + require.NoError(t, err) + }). + Path(guestbookPath). + Prune(false). + When().IgnoreErrors().CreateApp().Sync(). + Then().Expect(OperationPhaseIs(OperationSucceeded)).Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). + And(func(app *Application) { + var cm *ResourceStatus + for i := range app.Status.Resources { + if app.Status.Resources[i].Kind == "ConfigMap" && app.Status.Resources[i].Name == "test-configmap" { + cm = &app.Status.Resources[i] + break + } + } + require.NotNil(t, cm) + assert.Equal(t, SyncStatusCodeOutOfSync, cm.Status) + }). + When().SetInstallationID("test").Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + And(func(app *Application) { + require.Len(t, app.Status.Resources, 2) + svc, err := fixture.KubeClientset.CoreV1().Services(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) + require.NoError(t, err) + require.Equal(t, "test", svc.Annotations[common.AnnotationInstallationID]) + + deploy, err := fixture.KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) + require.NoError(t, err) + require.Equal(t, "test", deploy.Annotations[common.AnnotationInstallationID]) + }) +} diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go index 0b32f528023a6..5df36d591b1d9 100644 --- a/test/e2e/applicationset_test.go +++ b/test/e2e/applicationset_test.go @@ -522,101 +522,6 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) { Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) } -func TestCreateApplicationDespiteParamsError(t *testing.T) { - expectedErrorMessage := `failed to execute go template {{.cluster}}-guestbook: template: :1:2: executing "" at <.cluster>: map has no entry for key "cluster"` - expectedConditionsParamsError := []v1alpha1.ApplicationSetCondition{ - { - Type: v1alpha1.ApplicationSetConditionErrorOccurred, - Status: v1alpha1.ApplicationSetConditionStatusTrue, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError, - }, - { - Type: v1alpha1.ApplicationSetConditionParametersGenerated, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonErrorOccurred, - }, - { - Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError, - }, - } - expectedApp := argov1alpha1.Application{ - TypeMeta: metav1.TypeMeta{ - Kind: application.ApplicationKind, - APIVersion: "argoproj.io/v1alpha1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "my-cluster-guestbook", - Namespace: fixture.TestNamespace(), - Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, - }, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "guestbook", - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "guestbook", - }, - }, - } - - Given(t). - // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-list-generator", - }, - Spec: v1alpha1.ApplicationSetSpec{ - GoTemplate: true, - GoTemplateOptions: []string{"missingkey=error"}, - Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook"}, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "guestbook", - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "{{.url}}", - Namespace: "guestbook", - }, - }, - }, - Generators: []v1alpha1.ApplicationSetGenerator{ - { - List: &v1alpha1.ListGenerator{ - Elements: []apiextensionsv1.JSON{ - { - Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`), - }, - { - Raw: []byte(`{"invalidCluster": "invalid-cluster","url": "https://kubernetes.default.svc"}`), - }, - }, - }, - }, - }, - }, - }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). - - // verify the ApplicationSet status conditions were set correctly - Expect(ApplicationSetHasConditions("simple-list-generator", expectedConditionsParamsError)). - - // Delete the ApplicationSet, and verify it deletes the Applications - When(). - Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{expectedApp})) -} - func TestRenderHelmValuesObject(t *testing.T) { expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -940,7 +845,10 @@ func TestSyncPolicyCreateUpdate(t *testing.T) { Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook-sync-policy-create-update"}, + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "{{.cluster}}-guestbook-sync-policy-create-update", + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", Source: &argov1alpha1.ApplicationSource{ @@ -1008,9 +916,11 @@ func TestSyncPolicyCreateUpdate(t *testing.T) { // verify the ApplicationSet status conditions were set correctly Expect(ApplicationSetHasConditions("sync-policy-create-update", ExpectedConditions)). - // Delete the ApplicationSet, and verify it deletes the Applications + // Delete the ApplicationSet, and verify it not deletes the Applications + // As policy is create-update, AppSet controller will remove all generated applications's ownerReferences on delete AppSet + // So AppSet deletion will be reflected, but all the applications it generates will still exist When(). - Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) + Delete().Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewMetadata})) } func TestSyncPolicyCreateDelete(t *testing.T) { @@ -1147,7 +1057,10 @@ func TestSyncPolicyCreateOnly(t *testing.T) { Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook-sync-policy-create-only"}, + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "{{.cluster}}-guestbook-sync-policy-create-only", + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + }, Spec: argov1alpha1.ApplicationSpec{ Project: "default", Source: &argov1alpha1.ApplicationSource{ @@ -1206,9 +1119,11 @@ func TestSyncPolicyCreateOnly(t *testing.T) { // verify the ApplicationSet status conditions were set correctly Expect(ApplicationSetHasConditions("sync-policy-create-only", ExpectedConditions)). - // Delete the ApplicationSet, and verify it deletes the Applications + // Delete the ApplicationSet, and verify it not deletes the Applications + // As policy is create-update, AppSet controller will remove all generated applications's ownerReferences on delete AppSet + // So AppSet deletion will be reflected, but all the applications it generates will still exist When(). - Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewNamespace})) + Delete().Then().Expect(ApplicationsExist([]argov1alpha1.Application{*expectedAppNewNamespace})) } func TestSimpleGitDirectoryGenerator(t *testing.T) { @@ -2761,6 +2676,7 @@ func githubPullMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request _, err := io.WriteString(w, `[ { "number": 1, + "title": "title1", "labels": [ { "name": "preview" @@ -2773,7 +2689,10 @@ func githubPullMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request "head": { "ref": "pull-request", "sha": "824a5c987fdfb2b0629e9dbf5f31636c69ba4772" - } + }, + "user": { + "login": "testName" + } } ]`) if err != nil { diff --git a/test/e2e/cluster_test.go b/test/e2e/cluster_test.go index 81399c0a01022..d09df7d0cc812 100644 --- a/test/e2e/cluster_test.go +++ b/test/e2e/cluster_test.go @@ -3,7 +3,6 @@ package e2e import ( "fmt" "net/url" - "strings" "testing" "time" @@ -171,8 +170,8 @@ func TestClusterSet(t *testing.T) { GetByName("in-cluster"). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(output, "namespace-edit-1")) - assert.True(t, strings.Contains(output, "namespace-edit-2")) + assert.Contains(t, output, "namespace-edit-1") + assert.Contains(t, output, "namespace-edit-2") }) } diff --git a/test/e2e/fixture/admin/actions.go b/test/e2e/fixture/admin/actions.go new file mode 100644 index 0000000000000..4519d228f9c1a --- /dev/null +++ b/test/e2e/fixture/admin/actions.go @@ -0,0 +1,67 @@ +package admin + +import ( + "github.com/argoproj/argo-cd/v2/test/e2e/fixture" +) + +// this implements the "when" part of given/when/then +// +// none of the func implement error checks, and that is complete intended, you should check for errors +// using the Then() +type Actions struct { + context *Context + ignoreErrors bool + lastOutput string + lastError error +} + +func (a *Actions) prepareExportCommand() []string { + a.context.t.Helper() + args := []string{"export", "--application-namespaces", fixture.AppNamespace()} + + return args +} + +func (a *Actions) prepareImportCommand() []string { + a.context.t.Helper() + args := []string{"import", "--application-namespaces", fixture.AppNamespace(), "-"} + + return args +} + +func (a *Actions) RunExport() *Actions { + a.context.t.Helper() + a.runCli(a.prepareExportCommand()...) + return a +} + +func (a *Actions) RunImport(stdin string) *Actions { + a.context.t.Helper() + a.runCliWithStdin(stdin, a.prepareImportCommand()...) + return a +} + +func (a *Actions) IgnoreErrors() *Actions { + a.ignoreErrors = true + return a +} + +func (a *Actions) DoNotIgnoreErrors() *Actions { + a.ignoreErrors = false + return a +} + +func (a *Actions) runCli(args ...string) { + a.context.t.Helper() + a.lastOutput, a.lastError = RunCli(args...) +} + +func (a *Actions) runCliWithStdin(stdin string, args ...string) { + a.context.t.Helper() + a.lastOutput, a.lastError = RunCliWithStdin(stdin, args...) +} + +func (a *Actions) Then() *Consequences { + a.context.t.Helper() + return &Consequences{a.context, a} +} diff --git a/test/e2e/fixture/admin/consequences.go b/test/e2e/fixture/admin/consequences.go new file mode 100644 index 0000000000000..bc65f3a532794 --- /dev/null +++ b/test/e2e/fixture/admin/consequences.go @@ -0,0 +1,37 @@ +package admin + +import ( + . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/admin/utils" +) + +// this implements the "then" part of given/when/then +type Consequences struct { + context *Context + actions *Actions +} + +func (c *Consequences) And(block func()) *Consequences { + c.context.t.Helper() + block() + return c +} + +func (c *Consequences) AndCLIOutput(block func(output string, err error)) *Consequences { + c.context.t.Helper() + block(c.actions.lastOutput, c.actions.lastError) + return c +} + +// For use after running export with the exported resources desirialized +func (c *Consequences) AndExportedResources(block func(resources *ExportedResources, err error)) { + result, err := GetExportedResourcesFromOutput(c.actions.lastOutput) + block(&result, err) +} + +func (c *Consequences) Given() *Context { + return c.context +} + +func (c *Consequences) When() *Actions { + return c.actions +} diff --git a/test/e2e/fixture/admin/context.go b/test/e2e/fixture/admin/context.go new file mode 100644 index 0000000000000..aed58cb1a7b79 --- /dev/null +++ b/test/e2e/fixture/admin/context.go @@ -0,0 +1,41 @@ +package admin + +import ( + "testing" + + "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + "github.com/argoproj/argo-cd/v2/util/env" +) + +// this implements the "given" part of given/when/then +type Context struct { + t *testing.T + // seconds + timeout int + name string +} + +func Given(t *testing.T) *Context { + fixture.EnsureCleanState(t) + return GivenWithSameState(t) +} + +func GivenWithSameState(t *testing.T) *Context { + // ARGOCE_E2E_DEFAULT_TIMEOUT can be used to override the default timeout + // for any context. + timeout := env.ParseNumFromEnv("ARGOCD_E2E_DEFAULT_TIMEOUT", 20, 0, 180) + return &Context{ + t: t, + name: fixture.Name(), + timeout: timeout, + } +} + +func (c *Context) And(block func()) *Context { + block() + return c +} + +func (c *Context) When() *Actions { + return &Actions{context: c} +} diff --git a/test/e2e/fixture/admin/fixture.go b/test/e2e/fixture/admin/fixture.go new file mode 100644 index 0000000000000..92216c58d42fe --- /dev/null +++ b/test/e2e/fixture/admin/fixture.go @@ -0,0 +1,15 @@ +package admin + +import ( + "github.com/argoproj/argo-cd/v2/test/e2e/fixture" +) + +// For admin CLI with kubernetes context +func RunCli(args ...string) (string, error) { + return RunCliWithStdin("", args...) +} + +func RunCliWithStdin(stdin string, args ...string) (string, error) { + args = append([]string{"admin", "--namespace", fixture.TestNamespace()}, args...) + return fixture.RunCliWithStdin(stdin, true, args...) +} diff --git a/test/e2e/fixture/admin/utils/backup.go b/test/e2e/fixture/admin/utils/backup.go new file mode 100644 index 0000000000000..79bd890518603 --- /dev/null +++ b/test/e2e/fixture/admin/utils/backup.go @@ -0,0 +1,48 @@ +package utils + +import ( + "fmt" + "strings" + + kube "github.com/argoproj/gitops-engine/pkg/utils/kube" + yaml "gopkg.in/yaml.v3" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +type ExportedResources []unstructured.Unstructured + +func GetExportedResourcesFromOutput(output string) (ExportedResources, error) { + var resources []unstructured.Unstructured + docs := strings.Split(output, "---") + + for _, doc := range docs { + doc = strings.TrimSpace(doc) + if len(doc) == 0 { + continue + } + + var resourceData map[string]interface{} + + if err := yaml.Unmarshal([]byte(doc), &resourceData); err != nil { + return nil, fmt.Errorf("error unmarshaling YAML: %w", err) + } + + resource := unstructured.Unstructured{Object: resourceData} + resources = append(resources, resource) + } + + return resources, nil +} + +func (e ExportedResources) HasResource(resource kube.ResourceKey) bool { + for _, res := range e { + if res.GetObjectKind().GroupVersionKind().Group == resource.Group && + res.GetKind() == resource.Kind && + res.GetName() == resource.Name && + res.GetNamespace() == resource.Namespace { + return true + } + } + + return false +} diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go index 1d013b6628963..5df469b8242eb 100644 --- a/test/e2e/fixture/app/actions.go +++ b/test/e2e/fixture/app/actions.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "os" + "slices" log "github.com/sirupsen/logrus" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -225,7 +226,7 @@ func (a *Actions) prepareCreateAppArgs(args []string) []string { "--repo", fixture.RepoURL(a.context.repoURLType), }, args...) - if a.context.destName != "" { + if a.context.destName != "" && a.context.isDestServerInferred && !slices.Contains(args, "--dest-server") { args = append(args, "--dest-name", a.context.destName) } else { args = append(args, "--dest-server", a.context.destServer) @@ -469,6 +470,11 @@ func (a *Actions) SetTrackingMethod(trackingMethod string) *Actions { return a } +func (a *Actions) SetInstallationID(installationID string) *Actions { + fixture.SetInstallationID(installationID) + return a +} + func (a *Actions) SetTrackingLabel(trackingLabel string) *Actions { fixture.SetTrackingLabel(trackingLabel) return a diff --git a/test/e2e/fixture/app/consequences.go b/test/e2e/fixture/app/consequences.go index 9ee99fec6ca6d..ff64dee0de4b8 100644 --- a/test/e2e/fixture/app/consequences.go +++ b/test/e2e/fixture/app/consequences.go @@ -42,6 +42,31 @@ func (c *Consequences) Expect(e Expectation) *Consequences { return c } +// ExpectConsistently will continuously evaluate a condition, and it must be true each time it is evaluated, otherwise the test is failed. The condition will be repeatedly evaluated until 'expirationDuration' is met, waiting 'waitDuration' after each success. +func (c *Consequences) ExpectConsistently(e Expectation, waitDuration time.Duration, expirationDuration time.Duration) *Consequences { + // this invocation makes sure this func is not reported as the cause of the failure - we are a "test helper" + c.context.t.Helper() + + expiration := time.Now().Add(expirationDuration) + for time.Now().Before(expiration) { + state, message := e(c) + switch state { + case succeeded: + log.Infof("expectation succeeded: %s", message) + case failed: + c.context.t.Fatalf("failed expectation: %s", message) + return c + } + + // On condition success: wait, then retry + log.Infof("Expectation '%s' passes, repeating to ensure consistency", message) + time.Sleep(waitDuration) + } + + // If the condition never failed before expiring, it is a pass. + return c +} + func (c *Consequences) And(block func(app *Application)) *Consequences { c.context.t.Helper() block(c.app()) diff --git a/test/e2e/fixture/app/context.go b/test/e2e/fixture/app/context.go index 2225cac54c61d..a08bfeb1a2f19 100644 --- a/test/e2e/fixture/app/context.go +++ b/test/e2e/fixture/app/context.go @@ -14,7 +14,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/settings" ) -// this implements the "given" part of given/when/then +// Context implements the "given" part of given/when/then type Context struct { t *testing.T path string @@ -26,6 +26,7 @@ type Context struct { appNamespace string destServer string destName string + isDestServerInferred bool env string parameters []string namePrefix string @@ -63,12 +64,13 @@ func GivenWithNamespace(t *testing.T, namespace string) *Context { } func GivenWithSameState(t *testing.T) *Context { - // ARGOCE_E2E_DEFAULT_TIMEOUT can be used to override the default timeout + // ARGOCD_E2E_DEFAULT_TIMEOUT can be used to override the default timeout // for any context. timeout := env.ParseNumFromEnv("ARGOCD_E2E_DEFAULT_TIMEOUT", 20, 0, 180) return &Context{ t: t, destServer: v1alpha1.KubernetesInternalAPIServerAddr, + destName: "in-cluster", repoURLType: fixture.RepoURLTypeFile, name: fixture.Name(), timeout: timeout, @@ -257,11 +259,13 @@ func (c *Context) Timeout(timeout int) *Context { func (c *Context) DestServer(destServer string) *Context { c.destServer = destServer + c.isDestServerInferred = false return c } func (c *Context) DestName(destName string) *Context { c.destName = destName + c.isDestServerInferred = true return c } @@ -362,6 +366,11 @@ func (c *Context) SetTrackingMethod(trackingMethod string) *Context { return c } +func (c *Context) SetInstallationID(installationID string) *Context { + fixture.SetTrackingMethod(installationID) + return c +} + func (c *Context) GetTrackingMethod() v1alpha1.TrackingMethod { return c.trackingMethod } diff --git a/test/e2e/fixture/app/expectation.go b/test/e2e/fixture/app/expectation.go index 8546a4eed7be9..b5e83a664085c 100644 --- a/test/e2e/fixture/app/expectation.go +++ b/test/e2e/fixture/app/expectation.go @@ -143,14 +143,28 @@ func ResourceSyncStatusWithNamespaceIs(kind, resource, namespace string, expecte func ResourceHealthIs(kind, resource string, expected health.HealthStatusCode) Expectation { return func(c *Consequences) (state, string) { - actual := c.resource(kind, resource, "").Health.Status + var actual health.HealthStatusCode + resourceHealth := c.resource(kind, resource, "").Health + if resourceHealth != nil { + actual = resourceHealth.Status + } else { + // Some resources like ConfigMap may not have health status when they are okay + actual = health.HealthStatusHealthy + } return simple(actual == expected, fmt.Sprintf("resource '%s/%s' health should be %s, is %s", kind, resource, expected, actual)) } } func ResourceHealthWithNamespaceIs(kind, resource, namespace string, expected health.HealthStatusCode) Expectation { return func(c *Consequences) (state, string) { - actual := c.resource(kind, resource, namespace).Health.Status + var actual health.HealthStatusCode + resourceHealth := c.resource(kind, resource, namespace).Health + if resourceHealth != nil { + actual = resourceHealth.Status + } else { + // Some resources like ConfigMap may not have health status when they are okay + actual = health.HealthStatusHealthy + } return simple(actual == expected, fmt.Sprintf("resource '%s/%s' health should be %s, is %s", kind, resource, expected, actual)) } } diff --git a/test/e2e/fixture/applicationsets/utils/fixture.go b/test/e2e/fixture/applicationsets/utils/fixture.go index e447f9d455433..1ff0fbbfd6137 100644 --- a/test/e2e/fixture/applicationsets/utils/fixture.go +++ b/test/e2e/fixture/applicationsets/utils/fixture.go @@ -268,7 +268,7 @@ func cleanUpNamespace(fixtureClient *E2EFixtureK8sClient, namespace string) erro msg = err.Error() } - return fmt.Errorf(msg) + return fmt.Errorf("%s", msg) } // waitForSuccess waits for the condition to return a non-error value. diff --git a/test/e2e/fixture/cluster/actions.go b/test/e2e/fixture/cluster/actions.go index bd8fb33184379..ac114bad0cdf9 100644 --- a/test/e2e/fixture/cluster/actions.go +++ b/test/e2e/fixture/cluster/actions.go @@ -3,7 +3,6 @@ package cluster import ( "context" "errors" - "fmt" "log" "strings" @@ -60,7 +59,7 @@ func (a *Actions) Create(args ...string) *Actions { }) if err != nil { if !a.ignoreErrors { - log.Fatalf(fmt.Sprintf("Failed to upsert cluster %v", err.Error())) + log.Fatalf("Failed to upsert cluster %v", err.Error()) } a.lastError = errors.New(err.Error()) } diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index e9e2c351c3df9..d62abe076c73b 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -403,6 +403,13 @@ func SetResourceOverrides(overrides map[string]v1alpha1.ResourceOverride) { SetResourceOverridesSplitKeys(overrides) } +func SetInstallationID(installationID string) { + updateSettingConfigMap(func(cm *corev1.ConfigMap) error { + cm.Data["installationID"] = installationID + return nil + }) +} + func SetTrackingMethod(trackingMethod string) { updateSettingConfigMap(func(cm *corev1.ConfigMap) error { cm.Data["application.resourceTrackingMethod"] = trackingMethod @@ -741,15 +748,20 @@ func RunCliWithRetry(maxRetries int, args ...string) (string, error) { } func RunCli(args ...string) (string, error) { - return RunCliWithStdin("", args...) + return RunCliWithStdin("", false, args...) } -func RunCliWithStdin(stdin string, args ...string) (string, error) { +func RunCliWithStdin(stdin string, isKubeConextOnlyCli bool, args ...string) (string, error) { if plainText { args = append(args, "--plaintext") } - args = append(args, "--server", apiServerAddress, "--auth-token", token, "--insecure") + // For commands executed with Kubernetes context server argument causes a conflict (for those commands server argument is for KubeAPI server), also authentication is not required + if !isKubeConextOnlyCli { + args = append(args, "--server", apiServerAddress, "--auth-token", token) + } + + args = append(args, "--insecure") return RunWithStdin(stdin, "", "../../dist/argocd", args...) } @@ -1010,3 +1022,11 @@ func RecordTestRun(t *testing.T) { t.Fatalf("could not write to %s: %v", rf, err) } } + +func GetApiServerAddress() string { + return apiServerAddress +} + +func GetToken() string { + return token +} diff --git a/test/e2e/git_test.go b/test/e2e/git_test.go index d231ab2034311..7c92274dab56a 100644 --- a/test/e2e/git_test.go +++ b/test/e2e/git_test.go @@ -27,6 +27,21 @@ func TestGitSemverResolutionNotUsingConstraint(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)) } +func TestGitSemverResolutionNotUsingConstraintWithLeadingZero(t *testing.T) { + Given(t). + Path("deployment"). + CustomSSHKnownHostsAdded(). + SSHRepoURLAdded(true). + RepoURLType(fixture.RepoURLTypeSSH). + Revision("0.1.0"). + When(). + AddTag("0.1.0"). + CreateApp(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)) +} + func TestGitSemverResolutionUsingConstraint(t *testing.T) { Given(t). Path("deployment"). @@ -51,3 +66,28 @@ func TestGitSemverResolutionUsingConstraint(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(Pod(func(p v1.Pod) bool { return strings.HasPrefix(p.Name, "new-app") })) } + +func TestGitSemverResolutionUsingConstraintWithLeadingZero(t *testing.T) { + Given(t). + Path("deployment"). + CustomSSHKnownHostsAdded(). + SSHRepoURLAdded(true). + RepoURLType(fixture.RepoURLTypeSSH). + Revision("0.1.*"). + When(). + AddTag("0.1.0"). + CreateApp(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + When(). + PatchFile("deployment.yaml", `[ + {"op": "replace", "path": "/metadata/name", "value": "new-app"}, + {"op": "replace", "path": "/spec/replicas", "value": 1} +]`). + AddTag("0.1.2"). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(Pod(func(p v1.Pod) bool { return strings.HasPrefix(p.Name, "new-app") })) +} diff --git a/test/e2e/helm_test.go b/test/e2e/helm_test.go index 06e0c8ea9e622..9a95829c33c50 100644 --- a/test/e2e/helm_test.go +++ b/test/e2e/helm_test.go @@ -362,9 +362,64 @@ func TestKubeVersion(t *testing.T) { "-o", "jsonpath={.data.kubeVersion}")).(string) // Capabilities.KubeVersion defaults to 1.9.0, we assume here you are running a later version assert.LessOrEqual(t, GetVersions().ServerVersion.Format("v%s.%s.0"), kubeVersion) + }). + When(). + // Make sure override works. + AppSet("--helm-kube-version", "999.999.999"). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + And(func(app *Application) { + assert.Equal(t, "v999.999.999", FailOnErr(Run(".", "kubectl", "-n", DeploymentNamespace(), "get", "cm", "my-map", + "-o", "jsonpath={.data.kubeVersion}")).(string)) + }) +} + +// make sure api versions gets passed down to resources +func TestApiVersions(t *testing.T) { + SkipOnEnv(t, "HELM") + Given(t). + Path("helm-api-versions"). + When(). + CreateApp(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + And(func(app *Application) { + apiVersions := FailOnErr(Run(".", "kubectl", "-n", DeploymentNamespace(), "get", "cm", "my-map", + "-o", "jsonpath={.data.apiVersions}")).(string) + // The v1 API shouldn't be going anywhere. + assert.Contains(t, apiVersions, "v1") + }). + When(). + // Make sure override works. + AppSet("--helm-api-versions", "v1/MyTestResource"). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + And(func(app *Application) { + apiVersions := FailOnErr(Run(".", "kubectl", "-n", DeploymentNamespace(), "get", "cm", "my-map", + "-o", "jsonpath={.data.apiVersions}")).(string) + assert.Contains(t, apiVersions, "v1/MyTestResource") }) } +func TestHelmNamespaceOverride(t *testing.T) { + SkipOnEnv(t, "HELM") + Given(t). + Path("helm-namespace"). + When(). + CreateApp(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + When(). + AppSet("--helm-namespace", "does-not-exist"). + Then(). + // The app should go out of sync, because the resource's target namespace changed. + Expect(SyncStatusIs(SyncStatusCodeOutOfSync)) +} + func TestHelmValuesHiddenDirectory(t *testing.T) { SkipOnEnv(t, "HELM") Given(t). diff --git a/test/e2e/hook_test.go b/test/e2e/hook_test.go index 7c3860b47c8f2..5fe2248051737 100644 --- a/test/e2e/hook_test.go +++ b/test/e2e/hook_test.go @@ -68,7 +68,7 @@ func TestPostDeleteHook(t *testing.T) { }) } -// make sure that that hooks do not appear in "argocd app diff" +// make sure that hooks do not appear in "argocd app diff" func TestHookDiff(t *testing.T) { Given(t). Path("hook"). diff --git a/test/e2e/kustomize_test.go b/test/e2e/kustomize_test.go index 8936d591cfb65..923b9d46fee9e 100644 --- a/test/e2e/kustomize_test.go +++ b/test/e2e/kustomize_test.go @@ -11,8 +11,10 @@ import ( . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" "github.com/argoproj/argo-cd/v2/util/errors" + . "github.com/argoproj/argo-cd/v2/util/errors" ) func TestKustomize2AppSource(t *testing.T) { @@ -286,3 +288,88 @@ func TestKustomizeUnsetOverrideDeployment(t *testing.T) { assert.Nil(t, app.Spec.Source.Kustomize) }) } + +// make sure kube-version gets passed down to resources +func TestKustomizeKubeVersion(t *testing.T) { + Given(t). + Path("kustomize-kube-version"). + And(func() { + errors.FailOnErr(fixture.Run("", "kubectl", "patch", "cm", "argocd-cm", + "-n", fixture.TestNamespace(), + "-p", `{ "data": { "kustomize.buildOptions": "--enable-helm" } }`)) + }). + When(). + CreateApp(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + And(func(app *Application) { + kubeVersion := FailOnErr(Run(".", "kubectl", "-n", DeploymentNamespace(), "get", "cm", "my-map", + "-o", "jsonpath={.data.kubeVersion}")).(string) + // Capabilities.KubeVersion defaults to 1.9.0, we assume here you are running a later version + assert.LessOrEqual(t, GetVersions().ServerVersion.Format("v%s.%s.0"), kubeVersion) + }). + When(). + // Make sure override works. + AppSet("--kustomize-kube-version", "999.999.999"). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + And(func(app *Application) { + assert.Equal(t, "v999.999.999", FailOnErr(Run(".", "kubectl", "-n", DeploymentNamespace(), "get", "cm", "my-map", + "-o", "jsonpath={.data.kubeVersion}")).(string)) + }) +} + +// make sure api versions gets passed down to resources +func TestKustomizeApiVersions(t *testing.T) { + Given(t). + Path("kustomize-api-versions"). + And(func() { + errors.FailOnErr(fixture.Run("", "kubectl", "patch", "cm", "argocd-cm", + "-n", fixture.TestNamespace(), + "-p", `{ "data": { "kustomize.buildOptions": "--enable-helm" } }`)) + }). + When(). + CreateApp(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + And(func(app *Application) { + apiVersions := FailOnErr(Run(".", "kubectl", "-n", DeploymentNamespace(), "get", "cm", "my-map", + "-o", "jsonpath={.data.apiVersions}")).(string) + // The v1 API shouldn't be going anywhere. + assert.Contains(t, apiVersions, "v1") + }). + When(). + // Make sure override works. + AppSet("--kustomize-api-versions", "v1/MyTestResource"). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + And(func(app *Application) { + apiVersions := FailOnErr(Run(".", "kubectl", "-n", DeploymentNamespace(), "get", "cm", "my-map", + "-o", "jsonpath={.data.apiVersions}")).(string) + assert.Contains(t, apiVersions, "v1/MyTestResource") + }) +} + +func TestKustomizeNamespaceOverride(t *testing.T) { + Given(t). + Path("kustomize-kube-version"). + And(func() { + errors.FailOnErr(fixture.Run("", "kubectl", "patch", "cm", "argocd-cm", + "-n", fixture.TestNamespace(), + "-p", `{ "data": { "kustomize.buildOptions": "--enable-helm" } }`)) + }). + When(). + CreateApp(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + When(). + AppSet("--kustomize-namespace", "does-not-exist"). + Then(). + // The app should go out of sync, because the resource's target namespace changed. + Expect(SyncStatusIs(SyncStatusCodeOutOfSync)) +} diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index 54ae46ffed69a..ad49d66dc585c 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7 +FROM docker.io/library/busybox@sha256:c230832bd3b0be59a6c47ed64294f9ce71e91b327957920b6929a0caa8353140 CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index 5e8b42a94442d..4a7bf5c035d0e 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -80,12 +80,12 @@ func TestProjectCreation(t *testing.T) { require.NoError(t, err) // fail without upsert flag - _, err = fixture.RunCliWithStdin(stdinString, "proj", "create", + _, err = fixture.RunCliWithStdin(stdinString, false, "proj", "create", "-f", "-") require.Error(t, err) // succeed with the upsert flag - _, err = fixture.RunCliWithStdin(stdinString, "proj", "create", + _, err = fixture.RunCliWithStdin(stdinString, false, "proj", "create", "-f", "-", "--upsert") require.NoError(t, err) proj, err = fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) @@ -164,21 +164,21 @@ func TestAddProjectDestination(t *testing.T) { "test1", ) require.Error(t, err) - assert.True(t, strings.Contains(err.Error(), "already defined")) + assert.Contains(t, err.Error(), "already defined") _, err = fixture.RunCli("proj", "add-destination", projectName, "!*", "test1", ) require.Error(t, err) - assert.True(t, strings.Contains(err.Error(), "server has an invalid format, '!*'")) + assert.Contains(t, err.Error(), "server has an invalid format, '!*'") _, err = fixture.RunCli("proj", "add-destination", projectName, "https://192.168.99.100:8443", "!*", ) require.Error(t, err) - assert.True(t, strings.Contains(err.Error(), "namespace has an invalid format, '!*'")) + assert.Contains(t, err.Error(), "namespace has an invalid format, '!*'") proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) require.NoError(t, err) @@ -383,7 +383,7 @@ func TestUseJWTToken(t *testing.T) { roleGetResult, err = fixture.RunCli("proj", "role", "get", projectName, roleName) require.NoError(t, err) - assert.True(t, strings.Contains(roleGetResult, strconv.FormatInt(newProj.Status.JWTTokensByRole[roleName].Items[0].IssuedAt, 10))) + assert.Contains(t, roleGetResult, strconv.FormatInt(newProj.Status.JWTTokensByRole[roleName].Items[0].IssuedAt, 10)) _, err = fixture.RunCli("proj", "role", "delete-token", projectName, roleName, strconv.FormatInt(newProj.Status.JWTTokensByRole[roleName].Items[0].IssuedAt, 10)) require.NoError(t, err) @@ -420,7 +420,7 @@ func TestAddOrphanedIgnore(t *testing.T) { "name", ) require.Error(t, err) - assert.True(t, strings.Contains(err.Error(), "already defined")) + assert.Contains(t, err.Error(), "already defined") proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) require.NoError(t, err) @@ -619,3 +619,225 @@ func TestGetVirtualProjectMatch(t *testing.T) { _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", ":Service:guestbook-ui", "--timeout", fmt.Sprintf("%v", 10)) assert.Contains(t, err.Error(), "blocked by sync window") } + +func TestAddProjectDestinationServiceAccount(t *testing.T) { + fixture.EnsureCleanState(t) + + projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10) + _, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Create( + context.Background(), &v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: projectName}}, metav1.CreateOptions{}) + if err != nil { + t.Fatalf("Unable to create project %v", err) + } + + // Given, an existing project + // When, a default destination service account with all valid fields is added to it, + // Then, there is no error. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + "test-sa", + ) + if err != nil { + t.Fatalf("Unable to add project destination service account %v", err) + } + + // Given, an existing project + // When, a default destination service account with empty namespace is added to it, + // Then, there is no error. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "", + "test-sa", + ) + if err != nil { + t.Fatalf("Unable to add project destination service account %v", err) + } + + // Given, an existing project, + // When, a default destination service account is added with a custom service account namespace, + // Then, there is no error. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns1", + "test-sa", + "--service-account-namespace", + "default", + ) + if err != nil { + t.Fatalf("Unable to add project destination service account %v", err) + } + + // Given, an existing project, + // When, a duplicate default destination service account is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + "test-sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "already defined") + + // Given, an existing project, + // When, a duplicate default destination service account is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + "asdf", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "already added") + + // Given, an existing project, + // When, a default destination service account with negation glob pattern for server is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "!*", + "test-ns", + "test-sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "server has an invalid format, '!*'") + + // Given, an existing project, + // When, a default destination service account with negation glob pattern for server is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "!abc", + "test-ns", + "test-sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "server has an invalid format, '!abc'") + + // Given, an existing project, + // When, a default destination service account with negation glob pattern for namespace is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "!*", + "test-sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "namespace has an invalid format, '!*'") + + // Given, an existing project, + // When, a default destination service account with negation glob pattern for namespace is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "!abc", + "test-sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "namespace has an invalid format, '!abc'") + + // Given, an existing project, + // When, a default destination service account with empty service account is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + "", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "defaultServiceAccount has an invalid format, ''") + + // Given, an existing project, + // When, a default destination service account with service account having just white spaces is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + " ", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "defaultServiceAccount has an invalid format, ' '") + + // Given, an existing project, + // When, a default destination service account with service account having backwards slash char is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + "test\\sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "defaultServiceAccount has an invalid format, 'test\\\\sa'") + + // Given, an existing project, + // When, a default destination service account with service account having forward slash char is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + "test/sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "defaultServiceAccount has an invalid format, 'test/sa'") + + // Given, an existing project, + // When, a default destination service account with service account having square braces char is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + "[test-sa]", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "defaultServiceAccount has an invalid format, '[test-sa]'") + + // Given, an existing project, + // When, a default destination service account with service account having curly braces char is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "test-ns", + "{test-sa}", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "defaultServiceAccount has an invalid format, '{test-sa}'") + + // Given, an existing project, + // When, a default destination service account with service account having curly braces char is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "[[ech*", + "test-ns", + "test-sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "server has an invalid format, '[[ech*'") + + // Given, an existing project, + // When, a default destination service account with service account having curly braces char is added, + // Then, there is an error with appropriate message. + _, err = fixture.RunCli("proj", "add-destination-service-account", projectName, + "https://192.168.99.100:8443", + "[[ech*", + "test-sa", + ) + require.Error(t, err) + assert.Contains(t, err.Error(), "namespace has an invalid format, '[[ech*'") + + proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) + require.NoError(t, err) + assert.Equal(t, projectName, proj.Name) + assert.Len(t, proj.Spec.DestinationServiceAccounts, 3) + + assert.Equal(t, "https://192.168.99.100:8443", proj.Spec.DestinationServiceAccounts[0].Server) + assert.Equal(t, "test-ns", proj.Spec.DestinationServiceAccounts[0].Namespace) + assert.Equal(t, "test-sa", proj.Spec.DestinationServiceAccounts[0].DefaultServiceAccount) + + assert.Equal(t, "https://192.168.99.100:8443", proj.Spec.DestinationServiceAccounts[1].Server) + assert.Equal(t, "", proj.Spec.DestinationServiceAccounts[1].Namespace) + assert.Equal(t, "test-sa", proj.Spec.DestinationServiceAccounts[1].DefaultServiceAccount) + + assert.Equal(t, "https://192.168.99.100:8443", proj.Spec.DestinationServiceAccounts[2].Server) + assert.Equal(t, "test-ns1", proj.Spec.DestinationServiceAccounts[2].Namespace) + assert.Equal(t, "default:test-sa", proj.Spec.DestinationServiceAccounts[2].DefaultServiceAccount) + + assertProjHasEvent(t, proj, "update", argo.EventReasonResourceUpdated) +} diff --git a/test/e2e/scoped_repository_test.go b/test/e2e/scoped_repository_test.go index 1a459af06736d..d1da08b0a434d 100644 --- a/test/e2e/scoped_repository_test.go +++ b/test/e2e/scoped_repository_test.go @@ -1,7 +1,6 @@ package e2e import ( - "strings" "testing" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" @@ -57,7 +56,7 @@ func TestCreateRepositoryNonAdminUserPermissionDenied(t *testing.T) { Create(). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(err.Error(), "PermissionDenied desc = permission denied: repositories, create")) + assert.Contains(t, err.Error(), "PermissionDenied desc = permission denied: repositories, create") }) } @@ -84,7 +83,7 @@ func TestCreateRepositoryNonAdminUserWithWrongProject(t *testing.T) { Create(). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(err.Error(), "PermissionDenied desc = permission denied: repositories, create")) + assert.Contains(t, err.Error(), "PermissionDenied desc = permission denied: repositories, create") }) } @@ -127,7 +126,7 @@ func TestDeleteRepositoryRbacAllowed(t *testing.T) { Delete(). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(output, "Repository 'https://github.com/argoproj/argo-cd.git' removed")) + assert.Contains(t, output, "Repository 'https://github.com/argoproj/argo-cd.git' removed") }) } @@ -171,7 +170,7 @@ func TestDeleteRepositoryRbacDenied(t *testing.T) { Delete(). Then(). AndCLIOutput(func(output string, err error) { - assert.True(t, strings.Contains(err.Error(), "PermissionDenied desc = permission denied: repositories, delete")) + assert.Contains(t, err.Error(), "PermissionDenied desc = permission denied: repositories, delete") }) } diff --git a/test/e2e/sync_with_impersonate_test.go b/test/e2e/sync_with_impersonate_test.go new file mode 100644 index 0000000000000..4c7cf166f4a09 --- /dev/null +++ b/test/e2e/sync_with_impersonate_test.go @@ -0,0 +1,302 @@ +package e2e + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/stretchr/testify/require" + v1 "k8s.io/api/core/v1" + rbac "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" +) + +const ( + WaitDuration = time.Second + TimeoutDuration = time.Second * 3 +) + +func TestSyncWithFeatureDisabled(t *testing.T) { + Given(t). + Path("guestbook"). + When(). + SetParamInSettingConfigMap("application.sync.impersonation.enabled", "false"). + CreateFromFile(func(app *v1alpha1.Application) { + app.Spec.SyncPolicy = &v1alpha1.SyncPolicy{Automated: &v1alpha1.SyncPolicyAutomated{}} + }). + Then(). + // With the impersonation feature disabled, Application sync should continue to use + // the control plane service account for the sync operation and the sync should succeed. + ExpectConsistently(SyncStatusIs(v1alpha1.SyncStatusCodeSynced), WaitDuration, TimeoutDuration). + Expect(OperationMessageContains("successfully synced")) +} + +func TestSyncWithNoDestinationServiceAccountsInProject(t *testing.T) { + Given(t). + Path("guestbook"). + When(). + SetParamInSettingConfigMap("application.sync.impersonation.enabled", "true"). + CreateFromFile(func(app *v1alpha1.Application) { + app.Spec.SyncPolicy = &v1alpha1.SyncPolicy{Automated: &v1alpha1.SyncPolicyAutomated{}} + }). + Then(). + // With the impersonation feature enabled, Application sync must fail + // when there are no destination service accounts configured in AppProject + ExpectConsistently(SyncStatusIs(v1alpha1.SyncStatusCodeOutOfSync), WaitDuration, TimeoutDuration). + Expect(OperationMessageContains("failed to find a matching service account to impersonate")) +} + +func TestSyncWithImpersonateWithSyncServiceAccount(t *testing.T) { + projectName := "sync-test-project" + serviceAccountName := "test-account" + roleName := "test-account-sa-role" + Given(t). + SetTrackingMethod("annotation"). + Path("guestbook"). + When(). + SetParamInSettingConfigMap("application.sync.impersonation.enabled", "true"). + And(func() { + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "*", + Namespace: fixture.DeploymentNamespace(), + DefaultServiceAccount: serviceAccountName, + }, + { + Server: "*", + Namespace: fixture.DeploymentNamespace(), + DefaultServiceAccount: "missing-serviceAccount", + }, + } + err := createTestServiceAccount(serviceAccountName, fixture.DeploymentNamespace()) + require.NoError(t, err) + err = createTestAppProject(projectName, fixture.TestNamespace(), destinationServiceAccounts) + require.NoError(t, err) + err = createTestRole(roleName, fixture.DeploymentNamespace(), []rbac.PolicyRule{ + { + APIGroups: []string{"apps", ""}, + Resources: []string{"deployments"}, + Verbs: []string{"*"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"services"}, + Verbs: []string{"*"}, + }, + }) + require.NoError(t, err) + + err = createTestRoleBinding(roleName, serviceAccountName, fixture.DeploymentNamespace()) + require.NoError(t, err) + }). + CreateFromFile(func(app *v1alpha1.Application) { + app.Spec.SyncPolicy = &v1alpha1.SyncPolicy{Automated: &v1alpha1.SyncPolicyAutomated{}} + app.Spec.Project = projectName + }). + Then(). + // With the impersonation feature enabled, Application sync should succeed + // as there is a valid match found in the available destination service accounts configured in AppProject + ExpectConsistently(SyncStatusIs(v1alpha1.SyncStatusCodeSynced), WaitDuration, TimeoutDuration). + Expect(OperationMessageContains("successfully synced")) +} + +func TestSyncWithMissingServiceAccount(t *testing.T) { + projectName := "false-test-project" + serviceAccountName := "test-account" + roleName := "test-account-sa-role" + Given(t). + SetTrackingMethod("annotation"). + Path("guestbook"). + When(). + SetParamInSettingConfigMap("application.sync.impersonation.enabled", "true"). + And(func() { + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "*", + Namespace: fixture.DeploymentNamespace(), + DefaultServiceAccount: "missing-serviceAccount", + }, + { + Server: "*", + Namespace: fixture.DeploymentNamespace(), + DefaultServiceAccount: serviceAccountName, + }, + } + err := createTestServiceAccount(serviceAccountName, fixture.DeploymentNamespace()) + require.NoError(t, err) + err = createTestAppProject(projectName, fixture.TestNamespace(), destinationServiceAccounts) + require.NoError(t, err) + err = createTestRole(roleName, fixture.DeploymentNamespace(), []rbac.PolicyRule{ + { + APIGroups: []string{"apps", ""}, + Resources: []string{"deployments"}, + Verbs: []string{"*"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"services"}, + Verbs: []string{"*"}, + }, + }) + require.NoError(t, err) + + err = createTestRoleBinding(roleName, serviceAccountName, fixture.DeploymentNamespace()) + require.NoError(t, err) + }). + CreateFromFile(func(app *v1alpha1.Application) { + app.Spec.SyncPolicy = &v1alpha1.SyncPolicy{Automated: &v1alpha1.SyncPolicyAutomated{}} + app.Spec.Project = projectName + }). + Then(). + // With the impersonation feature enabled, Application sync must fail + // when there is a valid match found in the available destination service accounts configured in AppProject, + // but the matching service account is missing. + ExpectConsistently(SyncStatusIs(v1alpha1.SyncStatusCodeOutOfSync), WaitDuration, TimeoutDuration). + Expect(OperationMessageContains("one or more objects failed to apply")) +} + +func TestSyncWithValidSAButDisallowedDestination(t *testing.T) { + projectName := "negation-test-project" + serviceAccountName := "test-account" + roleName := "test-account-sa-role" + Given(t). + SetTrackingMethod("annotation"). + Path("guestbook"). + When(). + SetParamInSettingConfigMap("application.sync.impersonation.enabled", "true"). + And(func() { + destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{ + { + Server: "*", + Namespace: fixture.DeploymentNamespace(), + DefaultServiceAccount: serviceAccountName, + }, + } + err := createTestServiceAccount(serviceAccountName, fixture.DeploymentNamespace()) + require.NoError(t, err) + err = createTestAppProject(projectName, fixture.TestNamespace(), destinationServiceAccounts) + require.NoError(t, err) + err = createTestRole(roleName, fixture.DeploymentNamespace(), []rbac.PolicyRule{ + { + APIGroups: []string{"apps", ""}, + Resources: []string{"deployments"}, + Verbs: []string{"*"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"services"}, + Verbs: []string{"*"}, + }, + }) + require.NoError(t, err) + err = createTestRoleBinding(roleName, serviceAccountName, fixture.DeploymentNamespace()) + require.NoError(t, err) + }). + CreateFromFile(func(app *v1alpha1.Application) { + app.Spec.SyncPolicy = &v1alpha1.SyncPolicy{Automated: &v1alpha1.SyncPolicyAutomated{}} + app.Spec.Project = projectName + }). + Then(). + Expect(SyncStatusIs(v1alpha1.SyncStatusCodeSynced)). + When(). + And(func() { + // Patch destination to disallow target destination namespace + patch := []byte(fmt.Sprintf(`{"spec": {"destinations": [{"namespace": "%s"}]}}`, "!"+fixture.DeploymentNamespace())) + + _, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Patch(context.Background(), projectName, types.MergePatchType, patch, metav1.PatchOptions{}) + require.NoError(t, err) + }). + Refresh(v1alpha1.RefreshTypeNormal). + Then(). + // With the impersonation feature enabled, Application sync must fail + // as there is a valid match found in the available destination service accounts configured in AppProject + // but the destination namespace is now disallowed. + ExpectConsistently(SyncStatusIs(v1alpha1.SyncStatusCodeUnknown), WaitDuration, TimeoutDuration) +} + +// createTestAppProject creates a test AppProject resource. +func createTestAppProject(name, namespace string, destinationServiceAccounts []v1alpha1.ApplicationDestinationServiceAccount) error { + appProject := &v1alpha1.AppProject{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + Spec: v1alpha1.AppProjectSpec{ + SourceRepos: []string{"*"}, + SourceNamespaces: []string{"*"}, + Destinations: []v1alpha1.ApplicationDestination{ + { + Server: "*", + Namespace: "*", + }, + }, + ClusterResourceWhitelist: []metav1.GroupKind{ + { + Group: "*", + Kind: "*", + }, + }, + DestinationServiceAccounts: destinationServiceAccounts, + }, + } + + _, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(namespace).Create(context.Background(), appProject, metav1.CreateOptions{}) + return err +} + +// createTestRole creates a test Role resource. +func createTestRole(roleName, namespace string, rules []rbac.PolicyRule) error { + role := &rbac.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: namespace, + }, + Rules: rules, + } + + _, err := fixture.KubeClientset.RbacV1().Roles(namespace).Create(context.Background(), role, metav1.CreateOptions{}) + return err +} + +// createTestRoleBinding creates a test RoleBinding resource. +func createTestRoleBinding(roleName, serviceAccountName, namespace string) error { + roleBinding := &rbac.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName + "-binding", + }, + Subjects: []rbac.Subject{ + { + Kind: "ServiceAccount", + Name: serviceAccountName, + Namespace: namespace, + }, + }, + RoleRef: rbac.RoleRef{ + Kind: "Role", + Name: roleName, + APIGroup: "rbac.authorization.k8s.io", + }, + } + + _, err := fixture.KubeClientset.RbacV1().RoleBindings(namespace).Create(context.Background(), roleBinding, metav1.CreateOptions{}) + return err +} + +// createTestServiceAccount creates a test ServiceAccount resource. +func createTestServiceAccount(name, namespace string) error { + serviceAccount := &v1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + } + + _, err := fixture.KubeClientset.CoreV1().ServiceAccounts(namespace).Create(context.Background(), serviceAccount, metav1.CreateOptions{}) + return err +} diff --git a/test/e2e/testdata/helm-api-versions/Chart.yaml b/test/e2e/testdata/helm-api-versions/Chart.yaml new file mode 100644 index 0000000000000..4859bf0726b5f --- /dev/null +++ b/test/e2e/testdata/helm-api-versions/Chart.yaml @@ -0,0 +1,3 @@ +version: 1.0.0 +name: helm-api-versions +kubeVersion: ">=1.0.0" \ No newline at end of file diff --git a/test/e2e/testdata/helm-api-versions/templates/config-map.yaml b/test/e2e/testdata/helm-api-versions/templates/config-map.yaml new file mode 100644 index 0000000000000..5ec9e07025b61 --- /dev/null +++ b/test/e2e/testdata/helm-api-versions/templates/config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-map +data: + apiVersions: | + {{.Capabilities.APIVersions | toJson}} diff --git a/test/e2e/testdata/helm-namespace/Chart.yaml b/test/e2e/testdata/helm-namespace/Chart.yaml new file mode 100644 index 0000000000000..a3becea5ac11b --- /dev/null +++ b/test/e2e/testdata/helm-namespace/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +version: 1.0.0 +name: helm \ No newline at end of file diff --git a/test/e2e/testdata/helm-namespace/baz.yaml b/test/e2e/testdata/helm-namespace/baz.yaml new file mode 100644 index 0000000000000..26a745ddb6d38 --- /dev/null +++ b/test/e2e/testdata/helm-namespace/baz.yaml @@ -0,0 +1 @@ +a: b diff --git a/test/e2e/testdata/helm-namespace/templates/config-map.yaml b/test/e2e/testdata/helm-namespace/templates/config-map.yaml new file mode 100644 index 0000000000000..776432f4d8265 --- /dev/null +++ b/test/e2e/testdata/helm-namespace/templates/config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-map + namespace: {{.Release.Namespace}} +data: + foo: bar \ No newline at end of file diff --git a/test/e2e/testdata/helm-namespace/values.yaml b/test/e2e/testdata/helm-namespace/values.yaml new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/test/e2e/testdata/kustomize-api-versions/helm-chart/Chart.yaml b/test/e2e/testdata/kustomize-api-versions/helm-chart/Chart.yaml new file mode 100644 index 0000000000000..62a5a8dccc5ad --- /dev/null +++ b/test/e2e/testdata/kustomize-api-versions/helm-chart/Chart.yaml @@ -0,0 +1,3 @@ +version: 1.0.0 +name: helm-kube-version +kubeVersion: ">=1.0.0" \ No newline at end of file diff --git a/test/e2e/testdata/kustomize-api-versions/helm-chart/templates/config-map.yaml b/test/e2e/testdata/kustomize-api-versions/helm-chart/templates/config-map.yaml new file mode 100644 index 0000000000000..1237da4ffd0be --- /dev/null +++ b/test/e2e/testdata/kustomize-api-versions/helm-chart/templates/config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-map +data: + apiVersions: | + {{.Capabilities.APIVersions}} diff --git a/test/e2e/testdata/kustomize-api-versions/helm-chart/values.yaml b/test/e2e/testdata/kustomize-api-versions/helm-chart/values.yaml new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/test/e2e/testdata/kustomize-api-versions/kustomization.yaml b/test/e2e/testdata/kustomize-api-versions/kustomization.yaml new file mode 100644 index 0000000000000..ed97d250133a7 --- /dev/null +++ b/test/e2e/testdata/kustomize-api-versions/kustomization.yaml @@ -0,0 +1,7 @@ +helmGlobals: + chartHome: . + +helmCharts: +- releaseName: test + name: helm-chart + version: v1.0.0 diff --git a/test/e2e/testdata/kustomize-kube-version/helm-chart/Chart.yaml b/test/e2e/testdata/kustomize-kube-version/helm-chart/Chart.yaml new file mode 100644 index 0000000000000..62a5a8dccc5ad --- /dev/null +++ b/test/e2e/testdata/kustomize-kube-version/helm-chart/Chart.yaml @@ -0,0 +1,3 @@ +version: 1.0.0 +name: helm-kube-version +kubeVersion: ">=1.0.0" \ No newline at end of file diff --git a/test/e2e/testdata/kustomize-kube-version/helm-chart/templates/config-map.yaml b/test/e2e/testdata/kustomize-kube-version/helm-chart/templates/config-map.yaml new file mode 100644 index 0000000000000..34ee852195ea4 --- /dev/null +++ b/test/e2e/testdata/kustomize-kube-version/helm-chart/templates/config-map.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-map +data: + kubeVersion: {{.Capabilities.KubeVersion}} diff --git a/test/e2e/testdata/kustomize-kube-version/helm-chart/values.yaml b/test/e2e/testdata/kustomize-kube-version/helm-chart/values.yaml new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/test/e2e/testdata/kustomize-kube-version/kustomization.yaml b/test/e2e/testdata/kustomize-kube-version/kustomization.yaml new file mode 100644 index 0000000000000..ed97d250133a7 --- /dev/null +++ b/test/e2e/testdata/kustomize-kube-version/kustomization.yaml @@ -0,0 +1,7 @@ +helmGlobals: + chartHome: . + +helmCharts: +- releaseName: test + name: helm-chart + version: v1.0.0 diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 139bd696437ce..fa649805767cc 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 -FROM docker.io/library/golang:1.22.0@sha256:7b297d9abee021bab9046e492506b3c2da8a3722cbf301653186545ecc1e00bb AS go +FROM docker.io/library/golang:1.23.1@sha256:2fe82a3f3e006b4f2a316c6a21f62b66e1330ae211d039bb8d1128e12ed57bf1 AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index 88bf92ec46261..ddd1c26d46f2c 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/node:22.3.0@sha256:5e4044ff6001d06e7748e35bfa4f80c73cf5f5a7360a1b782995e038a01b0585 as node +FROM docker.io/library/node:22.8.0@sha256:bd00c03095f7586432805dbf7989be10361d27987f93de904b1fc003949a4794 as node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common diff --git a/ui-test/package.json b/ui-test/package.json index 450a4423ef558..041e43ac3160a 100644 --- a/ui-test/package.json +++ b/ui-test/package.json @@ -14,19 +14,19 @@ "dependencies": { "@types/selenium-webdriver": "^4.1.23", "assert": "^2.1.0", - "chromedriver": "^126.0.1", + "chromedriver": "^128.0.3", "selenium-webdriver": "^4.21.0" }, "devDependencies": { - "@types/mocha": "^10.0.6", - "@types/node": "^20.14.4", + "@types/mocha": "^10.0.8", + "@types/node": "^22.5.5", "dotenv": "^16.4.5", - "mocha": "^10.4.0", + "mocha": "^10.7.3", "prettier": "^2.8.8", "tslint": "^6.1.3", "tslint-config-prettier": "^1.18.0", "tslint-plugin-prettier": "^2.0.1", - "typescript": "^5.4.5", + "typescript": "^5.6.2", "yarn": "^1.22.22" } } diff --git a/ui-test/yarn.lock b/ui-test/yarn.lock index c04ff083abc69..1f6205097d09f 100644 --- a/ui-test/yarn.lock +++ b/ui-test/yarn.lock @@ -33,17 +33,17 @@ resolved "https://registry.yarnpkg.com/@tootallnate/quickjs-emscripten/-/quickjs-emscripten-0.23.0.tgz#db4ecfd499a9765ab24002c3b696d02e6d32a12c" integrity sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA== -"@types/mocha@^10.0.6": - version "10.0.6" - resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-10.0.6.tgz#818551d39113081048bdddbef96701b4e8bb9d1b" - integrity sha512-dJvrYWxP/UcXm36Qn36fxhUKu8A/xMRXVT2cliFF1Z7UA9liG5Psj3ezNSZw+5puH2czDXRLcXQxf8JbJt0ejg== +"@types/mocha@^10.0.8": + version "10.0.8" + resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-10.0.8.tgz#a7eff5816e070c3b4d803f1d3cd780c4e42934a1" + integrity sha512-HfMcUmy9hTMJh66VNcmeC9iVErIZJli2bszuXc6julh5YGuRb/W5OnkHjwLNYdFlMis0sY3If5SEAp+PktdJjw== -"@types/node@*", "@types/node@^20.14.4": - version "20.14.4" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.14.4.tgz#3426db474378502882036d595ec9e79a9b17d1e6" - integrity sha512-1ChboN+57suCT2t/f8lwtPY/k3qTpuD/qnqQuYoBg6OQOcPyaw7PiZVdGpaZYAvhDDtqrt0oAaM8+oSu1xsUGw== +"@types/node@*", "@types/node@^22.5.5": + version "22.5.5" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.5.5.tgz#52f939dd0f65fc552a4ad0b392f3c466cc5d7a44" + integrity sha512-Xjs4y5UPO/CLdzpgR6GirZJx36yScjh73+2NlLlkFRSoQN8B0DpfXPdZGnvVmLRLOsqDpOfTNv7D9trgGhmOIA== dependencies: - undici-types "~5.26.4" + undici-types "~6.19.2" "@types/selenium-webdriver@^4.1.23": version "4.1.23" @@ -74,10 +74,10 @@ agent-base@^7.0.2, agent-base@^7.1.0, agent-base@^7.1.1: dependencies: debug "^4.3.4" -ansi-colors@4.1.1: - version "4.1.1" - resolved "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz" - integrity sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA== +ansi-colors@^4.1.3: + version "4.1.3" + resolved "https://registry.yarnpkg.com/ansi-colors/-/ansi-colors-4.1.3.tgz#37611340eb2243e70cc604cad35d63270d48781b" + integrity sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw== ansi-regex@^5.0.1: version "5.0.1" @@ -153,10 +153,10 @@ available-typed-arrays@^1.0.2: dependencies: array-filter "^1.0.0" -axios@^1.6.7: - version "1.7.1" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.1.tgz#522145622a09dfaf49359837db9649ff245a35b9" - integrity sha512-+LV37nQcd1EpFalkXksWNBiA17NZ5m5/WspmHGmZmdx1qBOg/VNq/c4eRJiA9VQQHBOs+N0ZhhdU10h2TyNK7Q== +axios@^1.7.4: + version "1.7.4" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.4.tgz#4c8ded1b43683c8dd362973c393f3ede24052aa2" + integrity sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw== dependencies: follow-redirects "^1.15.6" form-data "^4.0.0" @@ -199,9 +199,9 @@ braces@~3.0.2: dependencies: fill-range "^7.1.1" -browser-stdout@1.3.1: +browser-stdout@^1.3.1: version "1.3.1" - resolved "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz" + resolved "https://registry.yarnpkg.com/browser-stdout/-/browser-stdout-1.3.1.tgz#baa559ee14ced73452229bad7326467c61fabd60" integrity sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw== buffer-crc32@~0.2.3: @@ -247,10 +247,10 @@ chalk@^4.1.0: ansi-styles "^4.1.0" supports-color "^7.1.0" -chokidar@3.5.3: - version "3.5.3" - resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.5.3.tgz#1cf37c8707b932bd1af1ae22c0432e2acd1903bd" - integrity sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw== +chokidar@^3.5.3: + version "3.6.0" + resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.6.0.tgz#197c6cc669ef2a8dc5e7b4d97ee4e092c3eb0d5b" + integrity sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw== dependencies: anymatch "~3.1.2" braces "~3.0.2" @@ -262,13 +262,13 @@ chokidar@3.5.3: optionalDependencies: fsevents "~2.3.2" -chromedriver@^126.0.1: - version "126.0.1" - resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-126.0.1.tgz#2591500833ba5baa626c2725f2877cce02237883" - integrity sha512-uV4xIvpPimKmV1/Hn9oX0C57tjsBbVtOeKFX9JzzPYpsu8xiSUAdqa3A8mgZE5DMJKDDoDyDIrA656QncVWRzg== +chromedriver@^128.0.3: + version "128.0.3" + resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-128.0.3.tgz#7c2cd2d160f269e78f40840ee7a043dac3687148" + integrity sha512-Xn/bknOpGlY9tKinwS/hVWeNblSeZvbbJbF8XZ73X1jeWfAFPRXx3fMLdNNz8DqruDbx3cKEJ5wR3mnst6G3iw== dependencies: "@testim/chrome-version" "^1.1.4" - axios "^1.6.7" + axios "^1.7.4" compare-versions "^6.1.0" extract-zip "^2.0.1" proxy-agent "^6.4.0" @@ -340,12 +340,12 @@ data-uri-to-buffer@^6.0.2: resolved "https://registry.yarnpkg.com/data-uri-to-buffer/-/data-uri-to-buffer-6.0.2.tgz#8a58bb67384b261a38ef18bea1810cb01badd28b" integrity sha512-7hvf7/GW8e86rW0ptuwS3OcBGDjIi6SZva7hCyWC0yYry2cOPmLIjXAUHI6DK2HsnwJd9ifmt57i8eV2n4YNpw== -debug@4, debug@4.3.4, debug@^4.1.1, debug@^4.3.4: - version "4.3.4" - resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865" - integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== +debug@4, debug@^4.1.1, debug@^4.3.4, debug@^4.3.5: + version "4.3.7" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.7.tgz#87945b4151a011d76d95a198d7111c865c360a52" + integrity sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ== dependencies: - ms "2.1.2" + ms "^2.1.3" debug@4.3.1: version "4.3.1" @@ -403,16 +403,16 @@ delayed-stream@~1.0.0: resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ== -diff@5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/diff/-/diff-5.0.0.tgz#7ed6ad76d859d030787ec35855f5b1daf31d852b" - integrity sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w== - diff@^4.0.1: version "4.0.2" resolved "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz" integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== +diff@^5.2.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/diff/-/diff-5.2.0.tgz#26ded047cd1179b78b9537d5ef725503ce1ae531" + integrity sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A== + dotenv@^16.4.5: version "16.4.5" resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.4.5.tgz#cdd3b3b604cb327e286b4762e13502f717cb099f" @@ -474,16 +474,16 @@ escalade@^3.1.1: resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.2.tgz#54076e9ab29ea5bf3d8f1ed62acffbb88272df27" integrity sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA== -escape-string-regexp@4.0.0: - version "4.0.0" - resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz" - integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== - escape-string-regexp@^1.0.5: version "1.0.5" resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz" integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ= +escape-string-regexp@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" + integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== + escodegen@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-2.1.0.tgz#ba93bbb7a43986d29d6041f99f5262da773e2e17" @@ -548,9 +548,9 @@ fill-range@^7.1.1: dependencies: to-regex-range "^5.0.1" -find-up@5.0.0: +find-up@^5.0.0: version "5.0.0" - resolved "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz" + resolved "https://registry.yarnpkg.com/find-up/-/find-up-5.0.0.tgz#4c92819ecb7083561e4f4a240a86be5198f536fc" integrity sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng== dependencies: locate-path "^6.0.0" @@ -649,17 +649,6 @@ glob-parent@~5.1.2: dependencies: is-glob "^4.0.1" -glob@8.1.0: - version "8.1.0" - resolved "https://registry.yarnpkg.com/glob/-/glob-8.1.0.tgz#d388f656593ef708ee3e34640fdfb99a9fd1c33e" - integrity sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ== - dependencies: - fs.realpath "^1.0.0" - inflight "^1.0.4" - inherits "2" - minimatch "^5.0.1" - once "^1.3.0" - glob@^7.1.1: version "7.2.0" resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.0.tgz#d15535af7732e02e948f4c41628bd910293f6023" @@ -672,6 +661,17 @@ glob@^7.1.1: once "^1.3.0" path-is-absolute "^1.0.0" +glob@^8.1.0: + version "8.1.0" + resolved "https://registry.yarnpkg.com/glob/-/glob-8.1.0.tgz#d388f656593ef708ee3e34640fdfb99a9fd1c33e" + integrity sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^5.0.1" + once "^1.3.0" + gopd@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.0.1.tgz#29ff76de69dac7489b7c0918a5788e56477c332c" @@ -730,9 +730,9 @@ hasown@^2.0.0: dependencies: function-bind "^1.1.2" -he@1.2.0: +he@^1.2.0: version "1.2.0" - resolved "https://registry.npmjs.org/he/-/he-1.2.0.tgz" + resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== http-proxy-agent@^7.0.0, http-proxy-agent@^7.0.1: @@ -924,13 +924,6 @@ js-tokens@^4.0.0: resolved "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== -js-yaml@4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" - integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== - dependencies: - argparse "^2.0.1" - js-yaml@^3.13.1: version "3.14.0" resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.0.tgz" @@ -939,6 +932,13 @@ js-yaml@^3.13.1: argparse "^1.0.7" esprima "^4.0.0" +js-yaml@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" + integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== + dependencies: + argparse "^2.0.1" + jsbn@1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-1.1.0.tgz#b01307cb29b618a1ed26ec79e911f803c4da0040" @@ -982,7 +982,7 @@ locate-path@^6.0.0: dependencies: p-locate "^5.0.0" -log-symbols@4.1.0: +log-symbols@^4.1.0: version "4.1.0" resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-4.1.0.tgz#3fbdbb95b4683ac9fc785111e792e558d4abd503" integrity sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg== @@ -1007,13 +1007,6 @@ mime-types@^2.1.12: dependencies: mime-db "1.52.0" -minimatch@5.0.1: - version "5.0.1" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.0.1.tgz#fb9022f7528125187c92bd9e9b6366be1cf3415b" - integrity sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g== - dependencies: - brace-expansion "^2.0.1" - minimatch@^3.0.4: version "3.1.2" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" @@ -1021,7 +1014,7 @@ minimatch@^3.0.4: dependencies: brace-expansion "^1.1.7" -minimatch@^5.0.1: +minimatch@^5.0.1, minimatch@^5.1.6: version "5.1.6" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.1.6.tgz#1cfcb8cf5522ea69952cd2af95ae09477f122a96" integrity sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g== @@ -1040,38 +1033,38 @@ mkdirp@^0.5.3: dependencies: minimist "^1.2.5" -mocha@^10.4.0: - version "10.4.0" - resolved "https://registry.yarnpkg.com/mocha/-/mocha-10.4.0.tgz#ed03db96ee9cfc6d20c56f8e2af07b961dbae261" - integrity sha512-eqhGB8JKapEYcC4ytX/xrzKforgEc3j1pGlAXVy3eRwrtAy5/nIfT1SvgGzfN0XZZxeLq0aQWkOUAmqIJiv+bA== - dependencies: - ansi-colors "4.1.1" - browser-stdout "1.3.1" - chokidar "3.5.3" - debug "4.3.4" - diff "5.0.0" - escape-string-regexp "4.0.0" - find-up "5.0.0" - glob "8.1.0" - he "1.2.0" - js-yaml "4.1.0" - log-symbols "4.1.0" - minimatch "5.0.1" - ms "2.1.3" - serialize-javascript "6.0.0" - strip-json-comments "3.1.1" - supports-color "8.1.1" - workerpool "6.2.1" - yargs "16.2.0" - yargs-parser "20.2.4" - yargs-unparser "2.0.0" +mocha@^10.7.3: + version "10.7.3" + resolved "https://registry.yarnpkg.com/mocha/-/mocha-10.7.3.tgz#ae32003cabbd52b59aece17846056a68eb4b0752" + integrity sha512-uQWxAu44wwiACGqjbPYmjo7Lg8sFrS3dQe7PP2FQI+woptP4vZXSMcfMyFL/e1yFEeEpV4RtyTpZROOKmxis+A== + dependencies: + ansi-colors "^4.1.3" + browser-stdout "^1.3.1" + chokidar "^3.5.3" + debug "^4.3.5" + diff "^5.2.0" + escape-string-regexp "^4.0.0" + find-up "^5.0.0" + glob "^8.1.0" + he "^1.2.0" + js-yaml "^4.1.0" + log-symbols "^4.1.0" + minimatch "^5.1.6" + ms "^2.1.3" + serialize-javascript "^6.0.2" + strip-json-comments "^3.1.1" + supports-color "^8.1.1" + workerpool "^6.5.1" + yargs "^16.2.0" + yargs-parser "^20.2.9" + yargs-unparser "^2.0.0" ms@2.1.2: version "2.1.2" resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== -ms@2.1.3: +ms@^2.1.3: version "2.1.3" resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2" integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== @@ -1288,10 +1281,10 @@ semver@^5.3.0: resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== -serialize-javascript@6.0.0: - version "6.0.0" - resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.0.tgz#efae5d88f45d7924141da8b5c3a7a7e663fefeb8" - integrity sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag== +serialize-javascript@^6.0.2: + version "6.0.2" + resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2" + integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g== dependencies: randombytes "^2.1.0" @@ -1388,18 +1381,11 @@ strip-ansi@^6.0.0, strip-ansi@^6.0.1: dependencies: ansi-regex "^5.0.1" -strip-json-comments@3.1.1: +strip-json-comments@^3.1.1: version "3.1.1" - resolved "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz" + resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006" integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig== -supports-color@8.1.1: - version "8.1.1" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" - integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== - dependencies: - has-flag "^4.0.0" - supports-color@^5.3.0: version "5.5.0" resolved "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz" @@ -1414,6 +1400,13 @@ supports-color@^7.1.0: dependencies: has-flag "^4.0.0" +supports-color@^8.1.1: + version "8.1.1" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" + integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== + dependencies: + has-flag "^4.0.0" + tcp-port-used@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea" @@ -1484,15 +1477,15 @@ tsutils@^2.29.0: dependencies: tslib "^1.8.1" -typescript@^5.4.5: - version "5.4.5" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.4.5.tgz#42ccef2c571fdbd0f6718b1d1f5e6e5ef006f611" - integrity sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ== +typescript@^5.6.2: + version "5.6.2" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.6.2.tgz#d1de67b6bef77c41823f822df8f0b3bcff60a5a0" + integrity sha512-NW8ByodCSNCwZeghjN3o+JX5OFH0Ojg6sadjEKY4huZ52TqbJTJnDo5+Tw98lSy63NZvi4n+ez5m2u5d4PkZyw== -undici-types@~5.26.4: - version "5.26.5" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" - integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== +undici-types@~6.19.2: + version "6.19.8" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.19.8.tgz#35111c9d1437ab83a7cdc0abae2f26d88eda0a02" + integrity sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw== universalify@^2.0.0: version "2.0.1" @@ -1528,10 +1521,10 @@ which-typed-array@^1.1.2: has-symbols "^1.0.1" is-typed-array "^1.1.3" -workerpool@6.2.1: - version "6.2.1" - resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.2.1.tgz#46fc150c17d826b86a008e5a4508656777e9c343" - integrity sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw== +workerpool@^6.5.1: + version "6.5.1" + resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.5.1.tgz#060f73b39d0caf97c6db64da004cd01b4c099544" + integrity sha512-Fs4dNYcsdpYSAfVxhnl1L5zTksjvOJxtC5hzMNl+1t9B8hTJTdKDyZ5ju7ztgPy+ft9tBFXoOlDNiOT9WUXZlA== wrap-ansi@^7.0.0: version "7.0.0" @@ -1557,19 +1550,14 @@ y18n@^5.0.5: resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55" integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== -yargs-parser@20.2.4: - version "20.2.4" - resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.4.tgz#b42890f14566796f85ae8e3a25290d205f154a54" - integrity sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA== - -yargs-parser@^20.2.2: +yargs-parser@^20.2.2, yargs-parser@^20.2.9: version "20.2.9" resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee" integrity sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w== -yargs-unparser@2.0.0: +yargs-unparser@^2.0.0: version "2.0.0" - resolved "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz" + resolved "https://registry.yarnpkg.com/yargs-unparser/-/yargs-unparser-2.0.0.tgz#f131f9226911ae5d9ad38c432fe809366c2325eb" integrity sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA== dependencies: camelcase "^6.0.0" @@ -1577,7 +1565,7 @@ yargs-unparser@2.0.0: flat "^5.0.2" is-plain-obj "^2.1.0" -yargs@16.2.0: +yargs@^16.2.0: version "16.2.0" resolved "https://registry.yarnpkg.com/yargs/-/yargs-16.2.0.tgz#1c82bf0f6b6a66eafce7ef30e376f49a12477f66" integrity sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw== diff --git a/ui/package.json b/ui/package.json index a7ec12f6d0071..e5b5b0a874a47 100644 --- a/ui/package.json +++ b/ui/package.json @@ -69,6 +69,7 @@ "@babel/preset-env": "^7.7.1", "@babel/preset-react": "^7.18.6", "@babel/preset-typescript": "^7.7.2", + "@codecov/webpack-plugin": "^0.0.1-beta.10", "@eslint/js": "^9.1.1", "@types/classnames": "^2.2.3", "@types/cookie": "^0.5.1", @@ -79,7 +80,7 @@ "@types/js-yaml": "^4.0.9", "@types/lodash-es": "^4.17.6", "@types/minimatch": "^3.0.3", - "@types/node": "20.6.3", + "@types/node": "20.14.12", "@types/prop-types": "^15.7.5", "@types/react": "^16.8.5", "@types/react-autocomplete": "^1.8.10", @@ -121,9 +122,9 @@ "ts-node": "10.9.2", "typescript": "^4.9.5", "typescript-eslint": "^7.8.0", - "webpack": "^5.84.1", + "webpack": "^5.94.0", "webpack-cli": "^4.9.2", "webpack-dev-server": "^4.7.4", - "yarn": "^1.22.21" + "yarn": "^1.22.22" } } diff --git a/ui/src/app/app.tsx b/ui/src/app/app.tsx index fb52e54e03ddc..1e8bd3b383c34 100644 --- a/ui/src/app/app.tsx +++ b/ui/src/app/app.tsx @@ -1,9 +1,10 @@ -import {DataLoader, NavigationManager, Notifications, NotificationsManager, PageContext, Popup, PopupManager, PopupProps} from 'argo-ui'; +import {DataLoader, NavigationManager, NotificationType, Notifications, NotificationsManager, PageContext, Popup, PopupManager, PopupProps} from 'argo-ui'; import {createBrowserHistory} from 'history'; import * as PropTypes from 'prop-types'; import * as React from 'react'; import {Helmet} from 'react-helmet'; import {Redirect, Route, RouteComponentProps, Router, Switch} from 'react-router'; +import {Subscription} from 'rxjs'; import applications from './applications'; import help from './help'; import login from './login'; @@ -19,6 +20,8 @@ import {Banner} from './ui-banner/ui-banner'; import userInfo from './user-info'; import {AuthSettings} from './shared/models'; import {PKCEVerification} from './login/components/pkce-verify'; +import {getPKCERedirectURI, pkceLogin} from './login/components/utils'; +import {SystemLevelExtension} from './shared/services/extensions-service'; services.viewPreferences.init(); const bases = document.getElementsByTagName('base'); @@ -85,28 +88,6 @@ async function isExpiredSSO() { return false; } -requests.onError.subscribe(async err => { - if (err.status === 401) { - if (history.location.pathname.startsWith('/login')) { - return; - } - - const isSSO = await isExpiredSSO(); - // location might change after async method call, so we need to check again. - if (history.location.pathname.startsWith('/login')) { - return; - } - // Query for basehref and remove trailing /. - // If basehref is the default `/` it will become an empty string. - const basehref = document.querySelector('head > base').getAttribute('href').replace(/\/$/, ''); - if (isSSO) { - window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`; - } else { - history.push(`/login?return_url=${encodeURIComponent(location.href)}`); - } - } -}); - export class App extends React.Component< {}, {popupProps: PopupProps; showVersionPanel: boolean; error: Error; navItems: NavItem[]; routes: Routes; extensionsLoaded: boolean; authSettings: AuthSettings} @@ -125,6 +106,8 @@ export class App extends React.Component< private navigationManager: NavigationManager; private navItems: NavItem[]; private routes: Routes; + private popupPropsSubscription: Subscription; + private unauthorizedSubscription: Subscription; constructor(props: {}) { super(props); @@ -134,10 +117,16 @@ export class App extends React.Component< this.navigationManager = new NavigationManager(history); this.navItems = navItems; this.routes = routes; + this.popupPropsSubscription = null; + this.unauthorizedSubscription = null; + services.extensions.addEventListener('systemLevel', this.onAddSystemLevelExtension.bind(this)); } public async componentDidMount() { - this.popupManager.popupProps.subscribe(popupProps => this.setState({popupProps})); + this.popupPropsSubscription = this.popupManager.popupProps.subscribe(popupProps => this.setState({popupProps})); + this.subscribeUnauthorized().then(subscription => { + this.unauthorizedSubscription = subscription; + }); const authSettings = await services.authService.settings(); const {trackingID, anonymizeUsers} = authSettings.googleAnalytics || {trackingID: '', anonymizeUsers: true}; const {loggedIn, username} = await services.users.get(); @@ -162,31 +151,16 @@ export class App extends React.Component< document.head.appendChild(link); } - const systemExtensions = services.extensions.getSystemExtensions(); - const extendedNavItems = this.navItems; - const extendedRoutes = this.routes; - for (const extension of systemExtensions) { - extendedNavItems.push({ - title: extension.title, - path: extension.path, - iconClassName: `fa ${extension.icon}` - }); - const component = () => ( - <> - - {extension.title} - Argo CD - - - - - - ); - extendedRoutes[extension.path] = { - component: component as React.ComponentType> - }; - } + this.setState({...this.state, navItems: this.navItems, routes: this.routes, extensionsLoaded: false, authSettings}); + } - this.setState({...this.state, navItems: extendedNavItems, routes: extendedRoutes, extensionsLoaded: true, authSettings}); + public componentWillUnmount() { + if (this.popupPropsSubscription) { + this.popupPropsSubscription.unsubscribe(); + } + if (this.unauthorizedSubscription) { + this.unauthorizedSubscription.unsubscribe(); + } } public render() { @@ -263,4 +237,63 @@ export class App extends React.Component< public getChildContext() { return {history, apis: {popup: this.popupManager, notifications: this.notificationsManager, navigation: this.navigationManager}}; } + + private async subscribeUnauthorized() { + return requests.onError.subscribe(async err => { + if (err.status === 401) { + if (history.location.pathname.startsWith('/login')) { + return; + } + + const isSSO = await isExpiredSSO(); + // location might change after async method call, so we need to check again. + if (history.location.pathname.startsWith('/login')) { + return; + } + // Query for basehref and remove trailing /. + // If basehref is the default `/` it will become an empty string. + const basehref = document.querySelector('head > base').getAttribute('href').replace(/\/$/, ''); + if (isSSO) { + const authSettings = await services.authService.settings(); + + if (authSettings?.oidcConfig?.enablePKCEAuthentication) { + pkceLogin(authSettings.oidcConfig, getPKCERedirectURI().toString()).catch(err => { + this.getChildContext().apis.notifications.show({ + type: NotificationType.Error, + content: err?.message || JSON.stringify(err) + }); + }); + } else { + window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`; + } + } else { + history.push(`/login?return_url=${encodeURIComponent(location.href)}`); + } + } + }); + } + + private onAddSystemLevelExtension(extension: SystemLevelExtension) { + const extendedNavItems = this.navItems; + const extendedRoutes = this.routes; + extendedNavItems.push({ + title: extension.title, + path: extension.path, + iconClassName: `fa ${extension.icon}` + }); + const component = () => ( + <> + + {extension.title} - Argo CD + + + + + + ); + extendedRoutes[extension.path] = { + component: component as React.ComponentType> + }; + this.setState({...this.state, navItems: extendedNavItems, routes: extendedRoutes, extensionsLoaded: true}); + } } diff --git a/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap b/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap index 10f05e4cf80fe..f580fd6f66b35 100644 --- a/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap +++ b/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap @@ -50,7 +50,7 @@ exports[`ComparisonStatusIcon.Unknown 1`] = ` exports[`HealthStatusIcon.Degraded 1`] = ` { + debouncedOnAppChanged.cancel(); + }; + }, [debouncedOnAppChanged]); function normalizeTypeFields(formApi: FormApi, type: models.AppSourceType) { const appToNormalize = formApi.getFormState().values; diff --git a/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx b/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx new file mode 100644 index 0000000000000..e98f46fc60e06 --- /dev/null +++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx @@ -0,0 +1,125 @@ +import * as moment from 'moment'; +import * as React from 'react'; +import * as models from '../../../shared/models'; +import './application-deployment-history.scss'; +import {DataLoader} from 'argo-ui'; +import {Revision} from '../../../shared/components'; +import {services} from '../../../shared/services'; +import {ApplicationParameters} from '../application-parameters/application-parameters'; +import {RevisionMetadataRows} from './revision-metadata-rows'; + +type props = { + app: models.Application; + info: models.RevisionHistory; + index: number; +}; + +export const ApplicationDeploymentHistoryDetails = ({app, info, index}: props) => { + const deployments = (app.status.history || []).slice().reverse(); + const recentDeployments = deployments.map((info, i) => { + const nextDeployedAt = i === 0 ? null : deployments[i - 1].deployedAt; + const runEnd = nextDeployedAt ? moment(nextDeployedAt) : moment(); + return {...info, nextDeployedAt, durationMs: runEnd.diff(moment(info.deployedAt)) / 1000}; + }); + + const [showParameterDetails, setShowParameterDetails] = React.useState(Boolean); + + return ( + <> + {info.sources === undefined ? ( + +
+
+
Revision:
+
+ +
+
+
+ + + + {showParameterDetails && ( + services.repos.appDetails(src, src.appName, app.spec.project, 0, recentDeployments[index].id)}> + {(details: models.RepoAppDetails) => ( +
+ +
+ )} + + )} + + ) : ( + info.sources.map((source, i) => ( + + {i > 0 ?
: null} +
+
+
Revision:
+
+ +
+
+
+ + + + {showParameterDetails && ( + services.repos.appDetails(src, src.appName, app.spec.project, i, recentDeployments[index].id)}> + {(details: models.RepoAppDetails) => ( +
+ +
+ )} + + )} + + )) + )} + + ); +}; diff --git a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.scss b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.scss index b370878a36520..abacf037f48e5 100644 --- a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.scss +++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.scss @@ -3,7 +3,6 @@ .application-deployment-history { &__item { - cursor: pointer; position: relative; @include themify($themes) { background: themed('background-2'); @@ -34,6 +33,10 @@ right: 1em; } + &__show-parameter-details { + margin: 20px 0px; + } + .white-box { margin-top: 1em; padding: 0; diff --git a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx index c81f2c41c55a0..69adefe598216 100644 --- a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx +++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx @@ -1,22 +1,18 @@ -import {DataLoader, DropDownMenu, Duration} from 'argo-ui'; +import {DropDownMenu, Duration} from 'argo-ui'; import {InitiatedBy} from './initiated-by'; import * as moment from 'moment'; import * as React from 'react'; -import {Revision, Timestamp} from '../../../shared/components'; +import {Timestamp} from '../../../shared/components'; import * as models from '../../../shared/models'; -import {services} from '../../../shared/services'; -import {ApplicationParameters} from '../application-parameters/application-parameters'; -import {RevisionMetadataRows} from './revision-metadata-rows'; import './application-deployment-history.scss'; +import {ApplicationDeploymentHistoryDetails} from './application-deployment-history-details'; export const ApplicationDeploymentHistory = ({ app, rollbackApp, - selectedRollbackDeploymentIndex, selectDeployment }: { app: models.Application; - selectedRollbackDeploymentIndex: number; rollbackApp: (info: models.RevisionHistory) => any; selectDeployment: (index: number) => any; }) => { @@ -26,6 +22,7 @@ export const ApplicationDeploymentHistory = ({ const runEnd = nextDeployedAt ? moment(nextDeployedAt) : moment(); return {...info, nextDeployedAt, durationMs: runEnd.diff(moment(info.deployedAt)) / 1000}; }); + return (
{recentDeployments.map((info, index) => ( @@ -75,87 +72,8 @@ export const ApplicationDeploymentHistory = ({
- {selectedRollbackDeploymentIndex === index ? ( - info.sources === undefined ? ( - -
-
-
Revision:
-
- -
-
-
- - services.repos.appDetails(src, src.appName, app.spec.project, 0, recentDeployments[index].id)}> - {(details: models.RepoAppDetails) => ( -
- -
- )} - - - ) : ( - info.sources.map((source, i) => ( - - {i > 0 ?
: null} -
-
-
Revision:
-
- -
-
-
- - services.repos.appDetails(src, src.appName, app.spec.project, i, recentDeployments[index].id)}> - {(details: models.RepoAppDetails) => ( -
- -
- )} - - - )) - ) - ) : ( -

Click to see source details.

- )} +
))} diff --git a/ui/src/app/applications/components/application-deployment-history/revision-metadata-rows.tsx b/ui/src/app/applications/components/application-deployment-history/revision-metadata-rows.tsx index 1043d0bfa5659..be141a3b879c4 100644 --- a/ui/src/app/applications/components/application-deployment-history/revision-metadata-rows.tsx +++ b/ui/src/app/applications/components/application-deployment-history/revision-metadata-rows.tsx @@ -5,7 +5,7 @@ import {ApplicationSource, RevisionMetadata, ChartDetails} from '../../../shared import {services} from '../../../shared/services'; export const RevisionMetadataRows = (props: {applicationName: string; applicationNamespace: string; source: ApplicationSource; index: number; versionId: number}) => { - if (props.source.chart) { + if (props?.source?.chart) { return ( { const [opened, setOpened] = React.useState(false); @@ -34,7 +35,7 @@ export const ApplicationsDetailsAppDropdown = (props: {appName: string}) => { } /> - services.applications.list([], {fields: ['items.metadata.name']})}> + services.applications.list([], {fields: ['items.metadata.name', 'items.metadata.namespace']})}> {apps => apps.items .filter(app => { @@ -42,7 +43,7 @@ export const ApplicationsDetailsAppDropdown = (props: {appName: string}) => { }) .slice(0, 100) // take top 100 results after filtering to avoid performance issues .map(app => ( -
  • ctx.navigation.goto(`/applications/${app.metadata.name}`)}> +
  • ctx.navigation.goto(getAppUrl(app))}> {app.metadata.name} {app.metadata.name === props.appName && ' (current)'}
    • )) diff --git a/ui/src/app/applications/components/application-details/application-details.tsx b/ui/src/app/applications/components/application-details/application-details.tsx index 34d5121f87557..28db4ca5aa1f6 100644 --- a/ui/src/app/applications/components/application-details/application-details.tsx +++ b/ui/src/app/applications/components/application-details/application-details.tsx @@ -30,7 +30,7 @@ import {ApplicationsDetailsAppDropdown} from './application-details-app-dropdown import {useSidebarTarget} from '../../../sidebar/sidebar'; import './application-details.scss'; -import {AppViewExtension, StatusPanelExtension} from '../../../shared/services/extensions-service'; +import {TopBarActionMenuExt, AppViewExtension, StatusPanelExtension} from '../../../shared/services/extensions-service'; interface ApplicationDetailsState { page: number; @@ -44,6 +44,8 @@ interface ApplicationDetailsState { extensionsMap?: {[key: string]: AppViewExtension}; statusExtensions?: StatusPanelExtension[]; statusExtensionsMap?: {[key: string]: StatusPanelExtension}; + topBarActionMenuExts?: TopBarActionMenuExt[]; + topBarActionMenuExtsMap?: {[key: string]: TopBarActionMenuExt}; } interface FilterInput { @@ -80,20 +82,9 @@ export class ApplicationDetails extends React.Component(null); - private appNamespace: string; constructor(props: RouteComponentProps<{appnamespace: string; name: string}>) { super(props); - const extensions = services.extensions.getAppViewExtensions(); - const extensionsMap: {[key: string]: AppViewExtension} = {}; - extensions.forEach(ext => { - extensionsMap[ext.title] = ext; - }); - const statusExtensions = services.extensions.getStatusPanelExtensions(); - const statusExtensionsMap: {[key: string]: StatusPanelExtension} = {}; - statusExtensions.forEach(ext => { - statusExtensionsMap[ext.id] = ext; - }); this.state = { page: 0, groupedResources: [], @@ -101,18 +92,54 @@ export class ApplicationDetails extends React.Component { + this.setState({...this.state, ...this.getExtensionsState()}); + }; + + private getExtensionsState = () => { + const extensions = services.extensions.getAppViewExtensions(); + const extensionsMap: {[key: string]: AppViewExtension} = {}; + extensions.forEach(ext => { + extensionsMap[ext.title] = ext; + }); + const statusExtensions = services.extensions.getStatusPanelExtensions(); + const statusExtensionsMap: {[key: string]: StatusPanelExtension} = {}; + statusExtensions.forEach(ext => { + statusExtensionsMap[ext.id] = ext; + }); + const topBarActionMenuExts = services.extensions.getActionMenuExtensions(); + const topBarActionMenuExtsMap: {[key: string]: TopBarActionMenuExt} = {}; + topBarActionMenuExts.forEach(ext => { + topBarActionMenuExtsMap[ext.id] = ext; + }); + return {extensions, extensionsMap, statusExtensions, statusExtensionsMap, topBarActionMenuExts, topBarActionMenuExtsMap}; + }; + private get showOperationState() { return new URLSearchParams(this.props.history.location.search).get('operation') === 'true'; } @@ -400,7 +427,7 @@ export class ApplicationDetails extends React.Component Loading...} input={this.props.match.params.name} load={name => - combineLatest([this.loadAppInfo(name, this.appNamespace), services.viewPreferences.getPreferences(), q]).pipe( + combineLatest([this.loadAppInfo(name, this.getAppNamespace()), services.viewPreferences.getPreferences(), q]).pipe( map(items => { const application = items[0].application; const pref = items[1].appDetails; @@ -567,7 +594,8 @@ export class ApplicationDetails extends React.Component @@ -580,7 +608,14 @@ export class ApplicationDetails extends React.Component} ], - actionMenu: {items: this.getApplicationActionMenu(application, true)}, + actionMenu: { + items: [ + ...this.getApplicationActionMenu(application, true), + ...(this.state.topBarActionMenuExts + ?.filter(ext => ext.shouldDisplay?.(application)) + .map(ext => this.renderActionMenuItem(ext, tree, application, this.setExtensionPanelVisible)) || []) + ] + }, tools: (
    @@ -825,6 +860,7 @@ export class ApplicationDetails extends React.Component this.updateApp(app, query)} selectedNode={selectedNode} + appCxt={this.context} tab={tab} /> @@ -837,7 +873,6 @@ export class ApplicationDetails extends React.Component -1 && ( this.rollbackApplication(info, application)} selectDeployment={i => this.setRollbackPanelVisible(i)} /> @@ -866,10 +901,16 @@ export class ApplicationDetails extends React.Component this.setExtensionPanelVisible('')}> - {this.selectedExtension !== '' && activeExtension && activeExtension.flyout && ( - + {this.selectedExtension !== '' && activeStatusExt?.flyout && } + + this.setExtensionPanelVisible('')}> + {this.selectedExtension !== '' && activeTopBarActionMenuExt?.flyout && ( + )} @@ -881,7 +922,13 @@ export class ApplicationDetails extends React.Component ); } - + private renderActionMenuItem(ext: TopBarActionMenuExt, tree: appModels.ApplicationTree, application: appModels.Application, showExtension?: (id: string) => any): any { + return { + action: () => this.setExtensionPanelVisible(ext.id), + title: showExtension && showExtension(ext.id)} />, + iconClassName: ext.iconClassName + }; + } private getApplicationActionMenu(app: appModels.Application, needOverlapLabelOnNarrowScreen: boolean) { const refreshing = app.metadata.annotations && app.metadata.annotations[appModels.AnnotationRefreshKey]; const fullName = AppUtils.nodeKey({group: 'argoproj.io', kind: app.kind, name: app.metadata.name, namespace: app.metadata.namespace}); @@ -890,18 +937,20 @@ export class ApplicationDetails extends React.Component, - action: () => this.selectNode(fullName) + action: () => this.selectNode(fullName), + disabled: !app.spec.source && (!app.spec.sources || app.spec.sources.length === 0) }, { iconClassName: 'fa fa-file-medical', title: , action: () => this.selectNode(fullName, 0, 'diff'), - disabled: app.status.sync.status === appModels.SyncStatuses.Synced + disabled: app.status.sync.status === appModels.SyncStatuses.Synced || (!app.spec.source && (!app.spec.sources || app.spec.sources.length === 0)) }, { iconClassName: 'fa fa-sync', title: , - action: () => AppUtils.showDeploy('all', null, this.appContext.apis) + action: () => AppUtils.showDeploy('all', null, this.appContext.apis), + disabled: !app.spec.source && (!app.spec.sources || app.spec.sources.length === 0) }, { iconClassName: 'fa fa-info-circle', @@ -1122,8 +1171,8 @@ Are you sure you want to disable auto-sync and rollback application '${this.prop update.spec.syncPolicy = {automated: null}; await services.applications.update(update); } - await services.applications.rollback(this.props.match.params.name, this.appNamespace, revisionHistory.id); - this.appChanged.next(await services.applications.get(this.props.match.params.name, this.appNamespace)); + await services.applications.rollback(this.props.match.params.name, this.getAppNamespace(), revisionHistory.id); + this.appChanged.next(await services.applications.get(this.props.match.params.name, this.getAppNamespace())); this.setRollbackPanelVisible(-1); } } catch (e) { @@ -1139,7 +1188,7 @@ Are you sure you want to disable auto-sync and rollback application '${this.prop } private async deleteApplication() { - await AppUtils.deleteApplication(this.props.match.params.name, this.appNamespace, this.appContext.apis); + await AppUtils.deleteApplication(this.props.match.params.name, this.getAppNamespace(), this.appContext.apis); } } diff --git a/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.scss b/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.scss index c735215f0cae8..80b2312a7b3d3 100644 --- a/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.scss +++ b/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.scss @@ -10,4 +10,9 @@ height: 100%; padding: 20px 30px; background-color: $argo-color-gray-3; -} + + .theme-dark & { + background-color: #28292a; + color: #fff; + } +} \ No newline at end of file diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.tsx b/ui/src/app/applications/components/application-node-info/application-node-info.tsx index edd787e0240c1..4d1f2720bf9a9 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.tsx +++ b/ui/src/app/applications/components/application-node-info/application-node-info.tsx @@ -22,17 +22,18 @@ const RenderContainerState = (props: {container: any}) => { return (
    - {props.container.state?.running && ( + {props.container.state?.running ? ( - )} - {(props.container.state.terminated && props.container.state.terminated?.exitCode !== 0) || + ) : ( + (props.container.state.terminated && props.container.state.terminated?.exitCode !== 0) || (lastState && lastState?.exitCode !== 0 && ( - ))} + )) + )} {props.container.name}
    diff --git a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx index 57ec1f122f915..f6284258b238e 100644 --- a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx +++ b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx @@ -1,4 +1,4 @@ -import {Checkbox, DropDown, Duration, NotificationType, Ticker} from 'argo-ui'; +import {Checkbox, DropDown, Duration, NotificationType, Ticker, HelpIcon} from 'argo-ui'; import * as moment from 'moment'; import * as PropTypes from 'prop-types'; import * as React from 'react'; @@ -15,6 +15,7 @@ interface Props { application: models.Application; operationState: models.OperationState; } +const buildResourceUniqueId = (res: Omit) => `${res.group}-${res.kind}-${res.version}-${res.namespace}-${res.name}`; const Filter = (props: {filters: string[]; setFilters: (f: string[]) => void; options: string[]; title: string; style?: React.CSSProperties}) => { const {filters, setFilters, options, title, style} = props; @@ -126,18 +127,60 @@ export const ApplicationOperationState: React.StatelessComponent = ({appl } } const [filters, setFilters] = React.useState([]); + const [healthFilters, setHealthFilters] = React.useState([]); + const Healths = Object.keys(models.HealthStatuses); const Statuses = Object.keys(models.ResultCodes); const OperationPhases = Object.keys(models.OperationPhases); // const syncPhases = ['PreSync', 'Sync', 'PostSync', 'SyncFail']; // const hookPhases = ['Running', 'Terminating', 'Failed', 'Error', 'Succeeded']; + const resourceHealth = application.status.resources.reduce( + (acc, res) => { + if (res.health) { + acc[buildResourceUniqueId(res)] = res.health; + } - let filtered: models.ResourceResult[] = []; - if (syncResult) { - if (syncResult.resources && syncResult.resources.length > 0) { - filtered = syncResult.resources.filter(r => filters.length === 0 || filters.includes(getStatus(r))); + return acc; + }, + {} as Record + ); + + const combinedHealthSyncResult: models.SyncResourceResult[] = syncResult?.resources?.map(syncResultItem => { + const uniqueResourceName = buildResourceUniqueId(syncResultItem); + + const healthStatus = resourceHealth[uniqueResourceName]; + + const syncResultWithHealth: models.SyncResourceResult = { + ...syncResultItem + }; + + if (healthStatus) { + syncResultWithHealth.health = healthStatus; } + + return syncResultWithHealth; + }); + let filtered: models.SyncResourceResult[] = []; + + if (combinedHealthSyncResult && combinedHealthSyncResult.length > 0) { + filtered = combinedHealthSyncResult.filter(r => { + if (filters.length === 0 && healthFilters.length === 0) { + return true; + } + + let pass = true; + if (filters.length !== 0 && !filters.includes(getStatus(r))) { + pass = false; + } + + if (pass && healthFilters.length !== 0 && !healthFilters.includes(r.health?.status)) { + pass = false; + } + + return pass; + }); } + return (
    @@ -155,6 +198,7 @@ export const ApplicationOperationState: React.StatelessComponent = ({appl
    +
    @@ -166,6 +210,7 @@ export const ApplicationOperationState: React.StatelessComponent = ({appl
    NAMESPACE
    NAME
    STATUS
    +
    HEALTH
    HOOK
    MESSAGE
    @@ -189,6 +234,16 @@ export const ApplicationOperationState: React.StatelessComponent = ({appl
    {getStatus(resource)}
    +
    + {resource.health ? ( +
    + {resource.health?.status} + {resource.health.message && } +
    + ) : ( + <>{'-'} + )} +
    {resource.hookType}
    diff --git a/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx b/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx index 4acbcdd82fcf6..2d494af941d3d 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx @@ -24,8 +24,10 @@ export interface ApplicationParametersPanelProps { viewBottom?: string | React.ReactNode; editTop?: (formApi: FormApi) => React.ReactNode; editBottom?: (formApi: FormApi) => React.ReactNode; + numberOfSources?: number; noReadonlyMode?: boolean; collapsible?: boolean; + deleteSource: () => void; } interface ApplicationParametersPanelState { @@ -64,9 +66,11 @@ export class ApplicationParametersSource extends React.Component { this.setState({editBottom: editClicked}); }} + deleteSource={this.props.deleteSource} /> {this.props.itemsTop && ( diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.scss b/ui/src/app/applications/components/application-parameters/application-parameters.scss index e49945dc85324..d40c88ac05340 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.scss +++ b/ui/src/app/applications/components/application-parameters/application-parameters.scss @@ -42,6 +42,10 @@ right: 1em; } + .source-panel-buttons { + margin-bottom: 10px; + } + .argo-field { line-height: 1.15; } @@ -64,6 +68,10 @@ .select { padding-bottom: 0; + + .select__value{ + min-height: 28px; + } } .row.application-retry-options { diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx index 427be982b05f6..041880f007928 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx @@ -1,4 +1,4 @@ -import {AutocompleteField, DataLoader, FormField, FormSelect, getNestedField} from 'argo-ui'; +import {AutocompleteField, DataLoader, ErrorNotification, FormField, FormSelect, getNestedField, NotificationType, SlidingPanel} from 'argo-ui'; import * as React from 'react'; import {FieldApi, FormApi, FormField as ReactFormField, Text, TextArea} from 'react-form'; import {cloneDeep} from 'lodash-es'; @@ -18,7 +18,8 @@ import { Revision, Repo, EditablePanel, - EditablePanelItem + EditablePanelItem, + Spinner } from '../../../shared/components'; import * as models from '../../../shared/models'; import {ApplicationSourceDirectory, Plugin} from '../../../shared/models'; @@ -27,13 +28,15 @@ import {ImageTagFieldEditor} from './kustomize'; import * as kustomize from './kustomize-image'; import {VarsInputField} from './vars-input-field'; import {concatMaps} from '../../../shared/utils'; -import {getAppDefaultSource} from '../utils'; +import {deleteSourceAction, getAppDefaultSource, helpTip} from '../utils'; import * as jsYaml from 'js-yaml'; import {RevisionFormField} from '../revision-form-field/revision-form-field'; import classNames from 'classnames'; import {ApplicationParametersSource} from './application-parameters-source'; import './application-parameters.scss'; +import {AppContext} from '../../../shared/context'; +import {SourcePanel} from './source-panel'; const TextWithMetadataField = ReactFormField((props: {metadata: {value: string}; fieldApi: FieldApi; className: string}) => { const { @@ -148,17 +151,30 @@ export const ApplicationParameters = (props: { setPageNumber?: (x: number) => any; collapsedSources?: boolean[]; handleCollapse?: (i: number, isCollapsed: boolean) => void; + appContext?: AppContext; + tempSource?: models.ApplicationSource; }) => { const app = cloneDeep(props.application); const source = getAppDefaultSource(app); // For source field const appSources = app?.spec.sources; const [removedOverrides, setRemovedOverrides] = React.useState(new Array()); const collapsible = props.collapsedSources !== undefined && props.handleCollapse !== undefined; + const [createApi, setCreateApi] = React.useState(null); + const [isAddingSource, setIsAddingSource] = React.useState(false); + const [isSavingSource, setIsSavingSource] = React.useState(false); const [appParamsDeletedState, setAppParamsDeletedState] = React.useState([]); if (app.spec.sources?.length > 0 && !props.details) { + // For multi-source case only return (
    +
    + +
    + setIsAddingSource(false)} + header={ +
    + {' '} + +
    + }> + { + setCreateApi(api); + }} + onSubmitFailure={errors => { + props.appContext.apis.notifications.show({ + content: 'Cannot add source: ' + errors.toString(), + type: NotificationType.Warning + }); + }} + updateApp={async updatedAppSource => { + setIsSavingSource(true); + props.application.spec.sources.push(updatedAppSource.spec.source); + try { + await services.applications.update(props.application); + setIsAddingSource(false); + } catch (e) { + props.application.spec.sources.pop(); + props.appContext.apis.notifications.show({ + content: , + type: NotificationType.Error + }); + } finally { + setIsSavingSource(false); + } + }} + /> +
    ); } else { - // For the other old/existings references of ApplicationParameters that have details already loaded. They are single source + // For the three other references of ApplicationParameters. They are single source. + // Create App, Add source, Rollback and History let attributes: EditablePanelItem[] = []; if (props.details) { return getEditablePanel( - gatherDetails(0, props.details, attributes, source, app, setRemovedOverrides, removedOverrides, appParamsDeletedState, setAppParamsDeletedState, false), + gatherDetails( + 0, + props.details, + attributes, + props.tempSource ? props.tempSource : source, + app, + setRemovedOverrides, + removedOverrides, + appParamsDeletedState, + setAppParamsDeletedState, + false + ), props.details ); } else { - // For single source field, for resource details where we have to do the load. + // For single source field, details page where we have to do the load to retrieve repo details return ( getSingleSource(application)}> {(details: models.RepoAppDetails) => { @@ -247,7 +328,10 @@ export const ApplicationParameters = (props: {
    )} - getSourceFromAppSources(src, app.metadata.name, app.spec.project, index, 0)}> + getSourceFromAppSources(src, app.metadata.name, app.spec.project, index, 0)}> {(details: models.RepoAppDetails) => getEditablePanelForOneSource(details, index, app.spec.sources[index])}
    @@ -270,10 +354,10 @@ export const ApplicationParameters = (props: { function isDefinedWithVersion(item: any) { return item !== null && item !== undefined && item.match(/:/); } - if (updatedSrc.helm && updatedSrc.helm.parameters) { + if (updatedSrc && updatedSrc.helm?.parameters) { updatedSrc.helm.parameters = updatedSrc.helm.parameters.filter(isDefined); } - if (updatedSrc.kustomize && updatedSrc.kustomize.images) { + if (updatedSrc && updatedSrc.kustomize?.images) { updatedSrc.kustomize.images = updatedSrc.kustomize.images.filter(isDefinedWithVersion); } @@ -295,7 +379,7 @@ export const ApplicationParameters = (props: { params = params.filter(param => !appParamsDeletedState.includes(param.name)); input.spec.source.plugin.parameters = params; } - if (input.spec.source.helm && input.spec.source.helm.valuesObject) { + if (input.spec.source && input.spec.source.helm?.valuesObject) { input.spec.source.helm.valuesObject = jsYaml.load(input.spec.source.helm.values); // Deserialize json input.spec.source.helm.values = ''; } @@ -303,7 +387,7 @@ export const ApplicationParameters = (props: { setRemovedOverrides(new Array()); }) } - values={((repoAppDetails.plugin || app?.spec?.source?.plugin) && cloneDeep(app)) || app} + values={((repoAppDetails?.plugin || app?.spec?.source?.plugin) && cloneDeep(app)) || app} validate={updatedApp => { const errors = {} as any; @@ -312,7 +396,7 @@ export const ApplicationParameters = (props: { errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; } - if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { + if (updatedApp.spec.source && updatedApp.spec.source.helm?.values) { const parsedValues = jsYaml.load(updatedApp.spec.source.helm.values); errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; } @@ -320,12 +404,12 @@ export const ApplicationParameters = (props: { return errors; }} onModeSwitch={ - repoAppDetails.plugin && + repoAppDetails?.plugin && (() => { setAppParamsDeletedState([]); }) } - title={repoAppDetails.type.toLocaleUpperCase()} + title={repoAppDetails?.type?.toLocaleUpperCase()} items={items as EditablePanelItem[]} noReadonlyMode={props.noReadonlyMode} hasMultipleSources={false} @@ -402,7 +486,7 @@ export const ApplicationParameters = (props: { saveBottom={ props.save && (async (input: models.Application) => { - const updatedSrc = input.spec.sources[ind]; + const appSrc = input.spec.sources[ind]; function isDefined(item: any) { return item !== null && item !== undefined; @@ -411,11 +495,11 @@ export const ApplicationParameters = (props: { return item !== null && item !== undefined && item.match(/:/); } - if (updatedSrc.helm && updatedSrc.helm.parameters) { - updatedSrc.helm.parameters = updatedSrc.helm.parameters.filter(isDefined); + if (appSrc.helm && appSrc.helm.parameters) { + appSrc.helm.parameters = appSrc.helm.parameters.filter(isDefined); } - if (updatedSrc.kustomize && updatedSrc.kustomize.images) { - updatedSrc.kustomize.images = updatedSrc.kustomize.images.filter(isDefinedWithVersion); + if (appSrc.kustomize && appSrc.kustomize.images) { + appSrc.kustomize.images = appSrc.kustomize.images.filter(isDefinedWithVersion); } let params = input.spec?.sources[ind]?.plugin?.parameters; @@ -435,11 +519,11 @@ export const ApplicationParameters = (props: { } params = params.filter(param => !appParamsDeletedState.includes(param.name)); - updatedSrc.plugin.parameters = params; + appSrc.plugin.parameters = params; } - if (updatedSrc.helm && updatedSrc.helm.valuesObject) { - updatedSrc.helm.valuesObject = jsYaml.load(updatedSrc.helm.values); // Deserialize json - updatedSrc.helm.values = ''; + if (appSrc.helm && appSrc.helm.valuesObject) { + appSrc.helm.valuesObject = jsYaml.load(appSrc.helm.values); // Deserialize json + appSrc.helm.values = ''; } await props.save(input, {}); @@ -486,6 +570,10 @@ export const ApplicationParameters = (props: { itemsTop={upperPanel as EditablePanelItem[]} noReadonlyMode={props.noReadonlyMode} collapsible={collapsible} + numberOfSources={app?.spec?.sources.length} + deleteSource={() => { + deleteSourceAction(app, app.spec.sources.at(ind), props.appContext); + }} /> ); } @@ -556,23 +644,24 @@ function gatherCoreSourceDetails(i: number, attributes: EditablePanelItem[], sou ) }); } else { + const targetRevision = source ? source.targetRevision || 'HEAD' : 'Unknown'; attributes.push({ title: 'TARGET REVISION', - view: , - edit: (formApi: FormApi) => + view: , + edit: (formApi: FormApi) => }); attributes.push({ title: 'PATH', view: ( - - {processPath(source.path)} + + {processPath(source?.path)} ), edit: (formApi: FormApi) => }); attributes.push({ title: 'REF', - view: {source.ref}, + view: {source?.ref}, edit: (formApi: FormApi) => }); } diff --git a/ui/src/app/applications/components/application-parameters/source-panel.scss b/ui/src/app/applications/components/application-parameters/source-panel.scss new file mode 100644 index 0000000000000..9ee0b7c0aa785 --- /dev/null +++ b/ui/src/app/applications/components/application-parameters/source-panel.scss @@ -0,0 +1,18 @@ +@import 'node_modules/argo-ui/src/styles/config'; + +.new-source-panel { + + .checkbox-container { + margin: 0.5em ; + } + + pre { + font-family: monospace; + line-height: normal; + white-space: pre; + } + + .row.argo-form-row .columns { + padding-left: 0; + } +} diff --git a/ui/src/app/applications/components/application-parameters/source-panel.tsx b/ui/src/app/applications/components/application-parameters/source-panel.tsx new file mode 100644 index 0000000000000..c5d6ca4050291 --- /dev/null +++ b/ui/src/app/applications/components/application-parameters/source-panel.tsx @@ -0,0 +1,375 @@ +import {AutocompleteField, DataLoader, DropDownMenu, FormField} from 'argo-ui'; +import * as deepMerge from 'deepmerge'; +import * as React from 'react'; +import {Form, FormApi, FormErrors, Text} from 'react-form'; +import {ApplicationParameters} from '../../../applications/components/application-parameters/application-parameters'; +import {RevisionFormField} from '../../../applications/components/revision-form-field/revision-form-field'; +import {RevisionHelpIcon} from '../../../shared/components'; +import * as models from '../../../shared/models'; +import {services} from '../../../shared/services'; +import './source-panel.scss'; + +// This is similar to what is in application-create-panel.tsx. If the create panel +// is modified to support multi-source apps, then we should refactor and common these up +const appTypes = new Array<{field: string; type: models.AppSourceType}>( + {type: 'Helm', field: 'helm'}, + {type: 'Kustomize', field: 'kustomize'}, + {type: 'Directory', field: 'directory'}, + {type: 'Plugin', field: 'plugin'} +); + +// This is similar to the same function in application-create-panel.tsx. If the create panel +// is modified to support multi-source apps, then we should refactor and common these up +function normalizeAppSource(app: models.Application, type: string): boolean { + const source = app.spec.source; + // eslint-disable-next-line no-prototype-builtins + const repoType = (source.hasOwnProperty('chart') && 'helm') || 'git'; + if (repoType !== type) { + if (type === 'git') { + source.path = source.chart; + delete source.chart; + source.targetRevision = 'HEAD'; + } else { + source.chart = source.path; + delete source.path; + source.targetRevision = ''; + } + return true; + } + return false; +} + +// Use a single source app to represent the 'new source'. This panel will make use of the source field only. +// However, we need to use a template based on an Application so that we can reuse the application-parameters code +const DEFAULT_APP: Partial = { + apiVersion: 'argoproj.io/v1alpha1', + kind: 'Application', + metadata: { + name: '' + }, + spec: { + destination: { + name: '', + namespace: '', + server: '' + }, + source: { + path: '', + repoURL: '', + ref: '', + targetRevision: 'HEAD' + }, + sources: [], + project: '' + } +}; + +export const SourcePanel = (props: { + appCurrent: models.Application; + onSubmitFailure: (error: string) => any; + updateApp: (app: models.Application) => any; + getFormApi: (api: FormApi) => any; +}) => { + const [explicitPathType, setExplicitPathType] = React.useState<{path: string; type: models.AppSourceType}>(null); + const appInEdit = deepMerge(DEFAULT_APP, {}); + + function normalizeTypeFields(formApi: FormApi, type: models.AppSourceType) { + const appToNormalize = formApi.getFormState().values; + for (const item of appTypes) { + if (item.type !== type) { + delete appToNormalize.spec.source[item.field]; + } + } + formApi.setAllValues(appToNormalize); + } + + return ( + + Promise.all([services.repos.list()]).then(([reposInfo]) => ({reposInfo}))}> + {({reposInfo}) => { + const repos = reposInfo.map(info => info.repo).sort(); + return ( +
    +
    { + let samePath = false; + let sameChartVersion = false; + let pathError = null; + let chartError = null; + if (a.spec.source.repoURL && a.spec.source.path) { + props.appCurrent.spec.sources.forEach(source => { + if (source.repoURL === a.spec.source.repoURL && source.path === a.spec.source.path) { + samePath = true; + pathError = 'Provided path in the selected repository URL was already added to this multi-source application'; + } + }); + } + if (a.spec?.source?.repoURL && a.spec?.source?.chart) { + props.appCurrent.spec.sources.forEach(source => { + if ( + source?.repoURL === a.spec?.source?.repoURL && + source?.chart === a.spec?.source?.chart && + source?.targetRevision === a.spec?.source?.targetRevision + ) { + sameChartVersion = true; + chartError = + 'Version ' + + source?.targetRevision + + ' of chart ' + + source?.chart + + ' from the selected repository was already added to this multi-source application'; + } + }); + } + if (!samePath) { + if (!a.spec?.source?.path && !a.spec?.source?.chart && !a.spec?.source?.ref) { + pathError = 'Path or Ref is required'; + } + } + if (!sameChartVersion) { + if (!a.spec?.source?.chart && !a.spec?.source?.path && !a.spec?.source?.ref) { + chartError = 'Chart is required'; + } + } + return { + 'spec.source.repoURL': !a.spec?.source?.repoURL && 'Repository URL is required', + // eslint-disable-next-line no-prototype-builtins + 'spec.source.targetRevision': !a.spec?.source?.targetRevision && a.spec?.source?.hasOwnProperty('chart') && 'Version is required', + 'spec.source.path': pathError, + 'spec.source.chart': chartError + }; + }} + defaultValues={appInEdit} + onSubmitFailure={(errors: FormErrors) => { + let errorString: string = ''; + let i = 0; + for (const key in errors) { + if (errors[key]) { + i++; + errorString = errorString.concat(i + '. ' + errors[key] + ' '); + } + } + props.onSubmitFailure(errorString); + }} + onSubmit={values => { + props.updateApp(values as models.Application); + }} + getApi={props.getFormApi}> + {api => { + // eslint-disable-next-line no-prototype-builtins + const repoType = (api.getFormState().values.spec?.source?.hasOwnProperty('chart') && 'helm') || 'git'; + const repoInfo = reposInfo.find(info => info.repo === api.getFormState().values.spec?.source?.repoURL); + if (repoInfo) { + normalizeAppSource(appInEdit, repoInfo.type || 'git'); + } + const sourcePanel = () => ( +
    +

    SOURCE

    +
    +
    + +
    +
    +
    + {(repoInfo && ( + + {(repoInfo.type || 'git').toUpperCase()} + + )) || ( + ( +

    + {repoType.toUpperCase()} +

    + )} + items={['git', 'helm'].map((type: 'git' | 'helm') => ({ + title: type.toUpperCase(), + action: () => { + if (repoType !== type) { + const updatedApp = api.getFormState().values as models.Application; + if (normalizeAppSource(updatedApp, type)) { + api.setAllValues(updatedApp); + } + } + } + }))} + /> + )} +
    +
    +
    + {(repoType === 'git' && ( + + +
    + + (src.repoURL && + (await services.repos + .apps(src.repoURL, src.revision, appInEdit.metadata.name, props.appCurrent.spec.project) + .then(apps => Array.from(new Set(apps.map(item => item.path))).sort()) + .catch(() => new Array()))) || + new Array() + }> + {(apps: string[]) => ( + + )} + +
    +
    + +
    +     + )) || ( + + (src.repoURL && services.repos.charts(src.repoURL).catch(() => new Array())) || + new Array() + }> + {(charts: models.HelmChart[]) => { + const selectedChart = charts.find(chart => chart.name === api.getFormState().values.spec?.source?.chart); + return ( +
    +
    + chart.name), + filterSuggestions: true + }} + /> +
    +
    + + +
    +
    + ); + }} +     + )} +
    + ); + + const typePanel = () => ( + { + if (src?.repoURL && src?.targetRevision && (src?.path || src?.chart)) { + return services.repos.appDetails(src, src?.appName, props.appCurrent.spec?.project, 0, 0).catch(() => ({ + type: 'Directory', + details: {} + })); + } else { + return { + type: 'Directory', + details: {} + }; + } + }}> + {(details: models.RepoAppDetails) => { + const type = (explicitPathType && explicitPathType.path === appInEdit.spec?.source?.path && explicitPathType.type) || details.type; + if (details.type !== type) { + switch (type) { + case 'Helm': + details = { + type, + path: details.path, + helm: {name: '', valueFiles: [], path: '', parameters: [], fileParameters: []} + }; + break; + case 'Kustomize': + details = {type, path: details.path, kustomize: {path: ''}}; + break; + case 'Plugin': + details = {type, path: details.path, plugin: {name: '', env: []}}; + break; + // Directory + default: + details = {type, path: details.path, directory: {}}; + break; + } + } + return ( + + ( +

    + {type} +

    + )} + items={appTypes.map(item => ({ + title: item.type, + action: () => { + setExplicitPathType({type: item.type, path: appInEdit.spec?.source?.path}); + normalizeTypeFields(api, item.type); + } + }))} + /> + { + api.setAllValues(updatedApp); + }} + /> +     + ); + }} +     + ); + + return ( + + {sourcePanel()} + + {typePanel()} + + ); + }} + +
    + ); + }} +     +     + ); +}; diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx index 643e24034d54a..ee76418546a4e 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx @@ -112,7 +112,7 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh application.status.sync && (hasMultipleSources ? application.status.sync.revisions && application.status.sync.revisions[0] && application.spec.sources && !application.spec.sources[0].chart - : application.status.sync.revision && !application.spec.source.chart) && ( + : application.status.sync.revision && !application.spec?.source?.chart) && (
    diff --git a/ui/src/app/applications/components/application-summary/application-summary.scss b/ui/src/app/applications/components/application-summary/application-summary.scss index 408feb30da01c..ee0ae6cacd171 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.scss +++ b/ui/src/app/applications/components/application-summary/application-summary.scss @@ -42,8 +42,23 @@ right: 1em; } + &__links-rows { + margin: 10px 0; + } + + &__links-row { + display: flex; + align-items: center; + height: 35px; + } + .argo-field { line-height: 1.15; + button { + @include themify($themes) { + color: themed('text-1'); + } + } } .white-box__details p { diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx index 1747e943af69f..6dbd5081806ae 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.tsx +++ b/ui/src/app/applications/components/application-summary/application-summary.tsx @@ -172,7 +172,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { }, !hasMultipleSources && { title: 'REPO URL', - view: , + view: , edit: (formApi: FormApi) => }, ...(!hasMultipleSources @@ -180,11 +180,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { ? [ { title: 'CHART', - view: ( - - {source.chart}:{source.targetRevision} - - ), + view: {source && `${source.chart}:${source.targetRevision}`}, edit: (formApi: FormApi) => hasMultipleSources ? ( helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') @@ -263,7 +259,12 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => { view: app.spec.revisionHistoryLimit, edit: (formApi: FormApi) => (
    - +
    - {urls - .map(item => item.split('|')) - .map((parts, i) => ( - 1 ? parts[1] : parts[0]} target='__blank'> - {parts[0]}   - - ))} +
    + {urls + .map(item => item.split('|')) + .map((parts, i) => ( + + ))} +
    ) }); diff --git a/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx b/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx index d1b2d597079a1..771204edc05f5 100644 --- a/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx +++ b/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx @@ -10,8 +10,7 @@ import './edit-notification-subscriptions.scss'; export const NOTIFICATION_SUBSCRIPTION_ANNOTATION_PREFIX = 'notifications.argoproj.io/subscribe'; -// eslint-disable-next-line no-useless-escape -export const NOTIFICATION_SUBSCRIPTION_ANNOTATION_REGEX = new RegExp(`^notifications\.argoproj\.io\/subscribe\.[a-zA-Z-]{1,100}\.[a-zA-Z-]{1,100}$`); +export const NOTIFICATION_SUBSCRIPTION_ANNOTATION_REGEX = new RegExp(`^notifications\\.argoproj\\.io/subscribe\\.[a-zA-Z-]{1,100}\\.[a-zA-Z-]{1,100}$`); export type TNotificationSubscription = { trigger: string; diff --git a/ui/src/app/applications/components/application-summary/edit-notification-subscriptsions.test.ts b/ui/src/app/applications/components/application-summary/edit-notification-subscriptsions.test.ts new file mode 100644 index 0000000000000..8cfc93bb29a06 --- /dev/null +++ b/ui/src/app/applications/components/application-summary/edit-notification-subscriptsions.test.ts @@ -0,0 +1,6 @@ +import {NOTIFICATION_SUBSCRIPTION_ANNOTATION_REGEX} from "./edit-notification-subscriptions"; + +test('rejects incorrect annotations', () => { + expect(NOTIFICATION_SUBSCRIPTION_ANNOTATION_REGEX.test('notifications_argoproj_io/subscribe_a_b')).toEqual(false) + expect(NOTIFICATION_SUBSCRIPTION_ANNOTATION_REGEX.test('notifications.argoproj.io/subscribe.a.b')).toEqual(true) +}) diff --git a/ui/src/app/applications/components/applications-list/applications-source.tsx b/ui/src/app/applications/components/applications-list/applications-source.tsx index 0a5fbe51f37c0..d0fe9d096444a 100644 --- a/ui/src/app/applications/components/applications-list/applications-source.tsx +++ b/ui/src/app/applications/components/applications-list/applications-source.tsx @@ -5,7 +5,7 @@ import {ApplicationSource as ApplicationSourceType} from '../../../shared/models import './applications-source.scss'; export const ApplicationsSource = ({source}: {source: ApplicationSourceType}) => { - const sourceString = `${source.repoURL}/${source.path || source.chart}`; + const sourceString = source ? `${source.repoURL}/${source.path || source.chart}` : ''; return (
    {sourceString}
    diff --git a/ui/src/app/applications/components/applications-list/applications-table.tsx b/ui/src/app/applications/components/applications-list/applications-table.tsx index a024059e16e5b..b90f940a79480 100644 --- a/ui/src/app/applications/components/applications-list/applications-table.tsx +++ b/ui/src/app/applications/components/applications-list/applications-table.tsx @@ -37,7 +37,7 @@ export const ApplicationsTable = (props: { keys: Key.ENTER, action: () => { if (selectedApp > -1) { - ctxh.navigation.goto(`/applications/${props.applications[selectedApp].metadata.name}`); + ctxh.navigation.goto(AppUtils.getAppUrl(props.applications[selectedApp])); return true; } return false; @@ -57,9 +57,7 @@ export const ApplicationsTable = (props: { key={AppUtils.appInstanceName(app)} className={`argo-table-list__row applications-list__entry applications-list__entry--health-${app.status.health.status} ${selectedApp === i ? 'applications-tiles__selected' : ''}`}> -
    ctx.navigation.goto(`/applications/${app.metadata.namespace}/${app.metadata.name}`, {}, {event: e})}> +
    ctx.navigation.goto(AppUtils.getAppUrl(app), {}, {event: e})}>
    diff --git a/ui/src/app/applications/components/applications-list/applications-tiles.tsx b/ui/src/app/applications/components/applications-list/applications-tiles.tsx index 3467d3b952a87..ccbbccf75ae10 100644 --- a/ui/src/app/applications/components/applications-list/applications-tiles.tsx +++ b/ui/src/app/applications/components/applications-list/applications-tiles.tsx @@ -66,7 +66,7 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat keys: Key.ENTER, action: () => { if (selectedApp > -1) { - ctxh.navigation.goto(`/applications/${applications[selectedApp].metadata.name}`); + ctxh.navigation.goto(AppUtils.getAppUrl(applications[selectedApp])); return true; } return false; @@ -108,6 +108,7 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat
    {applications.map((app, i) => { const source = getAppDefaultSource(app); + const targetRevision = source ? source.targetRevision || 'HEAD' : 'Unknown'; return (
    - ctx.navigation.goto(`/applications/${app.metadata.namespace}/${app.metadata.name}`, {view: pref.appDetails.view}, {event: e}) - }> + onClick={e => ctx.navigation.goto(AppUtils.getAppUrl(app), {view: pref.appDetails.view}, {event: e})}>
    0 ? 'columns small-10' : 'columns small-11'}> - + {AppUtils.appQualifiedName(app, useAuthSettingsCtx?.appsInAnyNamespaceEnabled)} @@ -208,8 +207,8 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat Repository:
    - - {source.repoURL} + + {source?.repoURL}
    @@ -217,22 +216,22 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat
    Target Revision:
    -
    {source.targetRevision || 'HEAD'}
    +
    {targetRevision}
    - {source.path && ( + {source?.path && (
    Path:
    -
    {source.path}
    +
    {source?.path}
    )} - {source.chart && ( + {source?.chart && (
    Chart:
    -
    {source.chart}
    +
    {source?.chart}
    )}
    diff --git a/ui/src/app/applications/components/filter/filter.tsx b/ui/src/app/applications/components/filter/filter.tsx index 7c1bb1e81ec45..c0ef2268170c8 100644 --- a/ui/src/app/applications/components/filter/filter.tsx +++ b/ui/src/app/applications/components/filter/filter.tsx @@ -148,7 +148,7 @@ export const Filter = (props: FilterProps) => { setValues(update); }} style={{width: '100%'}} - inputStyle={{marginBottom: '0.5em', backgroundColor: 'black', border: 'none'}} + inputStyle={{marginBottom: '0.5em', backgroundColor: 'black', border: 'none', color: '#fff'}} /> )} {((props.field ? tags : options) || []).map((opt, i) => ( diff --git a/ui/src/app/applications/components/pod-logs-viewer/container-selector.tsx b/ui/src/app/applications/components/pod-logs-viewer/container-selector.tsx index 5dca12dd6af6c..bcd67ead7e9ab 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/container-selector.tsx +++ b/ui/src/app/applications/components/pod-logs-viewer/container-selector.tsx @@ -27,7 +27,7 @@ export const ContainerSelector = ({ }; if (containerNames.length <= 1) return <>; return ( - +